Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

chrome vulnerabilities and exploits

(subscribe to this query)
740
VMScore

CVE-2014-3159

The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome prior to 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote malicious users to spoof the URL in ...
Google ChromeGoogle Chrome 36.0.1985.1Google Chrome 36.0.1985.2Google Chrome 36.0.1985.3Google Chrome 36.0.1985.4Google Chrome 36.0.1985.5Google Chrome 36.0.1985.6Google Chrome 36.0.1985.8Google Chrome 36.0.1985.12Google Chrome 36.0.1985.13Google Chrome 36.0.1985.14Google Chrome 36.0.1985.15
850
VMScore

CVE-2014-3161

The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome prior to 36.0.1985.122 on Android does not properly interact with redirects, which allows remote malicious users to bypass the Same Origin Policy via a crafted we...
Google ChromeGoogle Chrome 36.0.1985.1Google Chrome 36.0.1985.2Google Chrome 36.0.1985.3Google Chrome 36.0.1985.4Google Chrome 36.0.1985.5Google Chrome 36.0.1985.6Google Chrome 36.0.1985.8Google Chrome 36.0.1985.12Google Chrome 36.0.1985.13Google Chrome 36.0.1985.14Google Chrome 36.0.1985.15
600
VMScore

CVE-2012-5155

Google Chrome prior to 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote malicious users to bypass intended access restrictions via unspecified vectors.
Google ChromeGoogle Chrome 24.0.1272.0Google Chrome 24.0.1272.1Google Chrome 24.0.1273.0Google Chrome 24.0.1274.0Google Chrome 24.0.1275.0Google Chrome 24.0.1276.0Google Chrome 24.0.1276.1Google Chrome 24.0.1277.0Google Chrome 24.0.1278.0Google Chrome 24.0.1279.0Google Chrome 24.0.1280.0
780
VMScore

CVE-2012-5156

Use-after-free vulnerability in Google Chrome prior to 24.0.1312.52 allows remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors involving PDF fields.
Google ChromeGoogle Chrome 24.0.1272.0Google Chrome 24.0.1272.1Google Chrome 24.0.1273.0Google Chrome 24.0.1274.0Google Chrome 24.0.1275.0Google Chrome 24.0.1276.0Google Chrome 24.0.1276.1Google Chrome 24.0.1277.0Google Chrome 24.0.1278.0Google Chrome 24.0.1279.0Google Chrome 24.0.1280.0
850
VMScore

CVE-2013-0838

Google Chrome prior to 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors.
Google ChromeGoogle Chrome 24.0.1272.0Google Chrome 24.0.1272.1Google Chrome 24.0.1273.0Google Chrome 24.0.1274.0Google Chrome 24.0.1275.0Google Chrome 24.0.1276.0Google Chrome 24.0.1276.1Google Chrome 24.0.1277.0Google Chrome 24.0.1278.0Google Chrome 24.0.1279.0Google Chrome 24.0.1280.0
850
VMScore

CVE-2010-1500

Google Chrome prior to 4.1.249.1059 does not properly support forms, which has unknown impact and attack vectors, related to a "type confusion error."
Google ChromeGoogle Chrome 1.0.154.53Google Chrome 1.0.154.59Google Chrome 1.0.154.64Google Chrome 1.0.154.65Google Chrome 2.0.169.0Google Chrome 2.0.169.1Google Chrome 2.0.170.0Google Chrome 2.0.172.2Google Chrome 2.0.172.8Google Chrome 2.0.172.27Google Chrome 2.0.172.28
1000
VMScore

CVE-2010-1502

Unspecified vulnerability in Google Chrome prior to 4.1.249.1059 allows remote malicious users to access local files via vectors related to "developer tools."
Google ChromeGoogle Chrome 1.0.154.53Google Chrome 1.0.154.59Google Chrome 1.0.154.64Google Chrome 1.0.154.65Google Chrome 2.0.169.0Google Chrome 2.0.169.1Google Chrome 2.0.170.0Google Chrome 2.0.172.2Google Chrome 2.0.172.8Google Chrome 2.0.172.27Google Chrome 2.0.172.28
530
VMScore

CVE-2010-1503

Cross-site scripting (XSS) vulnerability in Google Chrome prior to 4.1.249.1059 allows remote malicious users to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI.
Google ChromeGoogle Chrome 1.0.154.53Google Chrome 1.0.154.59Google Chrome 1.0.154.64Google Chrome 1.0.154.65Google Chrome 2.0.169.0Google Chrome 2.0.169.1Google Chrome 2.0.170.0Google Chrome 2.0.172.2Google Chrome 2.0.172.8Google Chrome 2.0.172.27Google Chrome 2.0.172.28
530
VMScore

CVE-2010-1504

Cross-site scripting (XSS) vulnerability in Google Chrome prior to 4.1.249.1059 allows remote malicious users to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.
Google ChromeGoogle Chrome 1.0.154.53Google Chrome 1.0.154.59Google Chrome 1.0.154.64Google Chrome 1.0.154.65Google Chrome 2.0.169.0Google Chrome 2.0.169.1Google Chrome 2.0.170.0Google Chrome 2.0.172.2Google Chrome 2.0.172.8Google Chrome 2.0.172.27Google Chrome 2.0.172.28
1000
VMScore

CVE-2010-1505

Google Chrome prior to 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors.
Google ChromeGoogle Chrome 1.0.154.53Google Chrome 1.0.154.59Google Chrome 1.0.154.64Google Chrome 1.0.154.65Google Chrome 2.0.169.0Google Chrome 2.0.169.1Google Chrome 2.0.170.0Google Chrome 2.0.172.2Google Chrome 2.0.172.8Google Chrome 2.0.172.27Google Chrome 2.0.172.28
Preferred Score:
VMScore
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
type confusionunspecifiedCVE-2025-24200reflected XSSpanelCVE-2024-12549temporal technologies, inc.CVE-2024-21971CVE-2024-57777CVE-2023-31122CVE-2025-0909winzip computingunified secops platform
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook