This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Google First view 2018-12-11
Product Chrome Last view 2023-01-10
Version 71.0.3552.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:google:chrome

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.3 2023-01-10 CVE-2023-0141

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

6.5 2023-01-10 CVE-2023-0140

Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)

6.5 2023-01-10 CVE-2023-0139

Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)

8.8 2023-01-10 CVE-2023-0138

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

8.8 2023-01-10 CVE-2023-0137

Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8 2023-01-10 CVE-2023-0136

Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)

8.8 2023-01-10 CVE-2023-0135

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

8.8 2023-01-10 CVE-2023-0134

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

6.5 2023-01-10 CVE-2023-0133

Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)

6.5 2023-01-10 CVE-2023-0132

Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)

6.5 2023-01-10 CVE-2023-0131

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)

6.5 2023-01-10 CVE-2023-0130

Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

8.8 2023-01-10 CVE-2023-0129

Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)

8.8 2023-01-10 CVE-2023-0128

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

4.3 2023-01-02 CVE-2022-4025

Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)

6.1 2023-01-02 CVE-2022-3863

Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

7.5 2023-01-02 CVE-2022-3842

Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8 2023-01-02 CVE-2022-2743

Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)

8.8 2023-01-02 CVE-2022-2742

Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High)

6.1 2023-01-02 CVE-2022-0801

Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)

6.5 2023-01-02 CVE-2022-0337

Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High)

8.8 2023-01-02 CVE-2021-30558

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium)

5.4 2023-01-02 CVE-2021-21200

Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)

7.4 2023-01-02 CVE-2019-13768

Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)

8.8 2022-12-14 CVE-2022-4440

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
42% (435) CWE-416 Use After Free
25% (260) CWE-787 Out-of-bounds Write
7% (74) CWE-20 Improper Input Validation
3% (31) CWE-125 Out-of-bounds Read
2% (27) CWE-190 Integer Overflow or Wraparound
2% (23) CWE-668 Exposure of Resource to Wrong Sphere
2% (23) CWE-346 Origin Validation Error
2% (23) CWE-276 Incorrect Default Permissions
1% (14) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (13) CWE-290 Authentication Bypass by Spoofing
0% (10) CWE-362 Race Condition
0% (9) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (9) CWE-203 Information Exposure Through Discrepancy
0% (9) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
0% (7) CWE-200 Information Exposure
0% (7) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (6) CWE-269 Improper Privilege Management
0% (4) CWE-281 Improper Preservation of Permissions
0% (4) CWE-209 Information Exposure Through an Error Message
0% (4) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
0% (3) CWE-415 Double Free
0% (3) CWE-312 Cleartext Storage of Sensitive Information
0% (2) CWE-755 Improper Handling of Exceptional Conditions
0% (2) CWE-754 Improper Check for Unusual or Exceptional Conditions
0% (2) CWE-476 NULL Pointer Dereference

SAINT Exploits

Description Link
Google Chrome SimplifiedLowering bug More info here

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56438 - Type : BROWSER-CHROME - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56437 - Type : BROWSER-CHROME - Revision : 1
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56133 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56132 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56131 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56130 - Type : BROWSER-CHROME - Revision : 2
2020-10-27 Google Chrome AudioArray memory corruption attempt
RuleID : 55810 - Type : BROWSER-CHROME - Revision : 1
2020-10-27 Google Chrome AudioArray memory corruption attempt
RuleID : 55809 - Type : BROWSER-CHROME - Revision : 1
2020-09-02 Google Chrome blink webaudio module use after free attempt
RuleID : 54625 - Type : BROWSER-CHROME - Revision : 1
2020-09-02 Google Chrome blink webaudio module use after free attempt
RuleID : 54624 - Type : BROWSER-CHROME - Revision : 1
2020-09-02 Google Chrome ReadableStream out of bounds read attempt
RuleID : 54623 - Type : BROWSER-CHROME - Revision : 1
2020-09-02 Google Chrome ReadableStream out of bounds read attempt
RuleID : 54622 - Type : BROWSER-CHROME - Revision : 1
2020-08-11 Google Chrome Blink use-after-free attempt
RuleID : 54498 - Type : BROWSER-CHROME - Revision : 1
2020-08-11 Google Chrome Blink use-after-free attempt
RuleID : 54497 - Type : BROWSER-CHROME - Revision : 1
2020-06-11 Google Chromium for Android AddInterface use after free attempt
RuleID : 53943 - Type : BROWSER-CHROME - Revision : 1
2020-06-11 Google Chromium for Android AddInterface use after free attempt
RuleID : 53942 - Type : BROWSER-CHROME - Revision : 1
2020-06-10 Google Chromium ImageCapture use after free attempt
RuleID : 53845 - Type : BROWSER-CHROME - Revision : 1
2020-06-10 Google Chromium ImageCapture use after free attempt
RuleID : 53844 - Type : BROWSER-CHROME - Revision : 1
2020-06-04 Chromium use after free exploitation attempt
RuleID : 53836 - Type : INDICATOR-COMPROMISE - Revision : 1
2020-06-04 Chromium use after free exploitation attempt
RuleID : 53835 - Type : INDICATOR-COMPROMISE - Revision : 1
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53534 - Type : BROWSER-CHROME - Revision : 1
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53533 - Type : BROWSER-CHROME - Revision : 1
2020-03-31 Google Chrome V8 Turbofan Array pop type confusion attempt
RuleID : 53343 - Type : BROWSER-CHROME - Revision : 1
2020-03-31 Google Chrome V8 Turbofan Array pop type confusion attempt
RuleID : 53342 - Type : BROWSER-CHROME - Revision : 1
2019-12-05 known malicious browser profiler script download attempt
RuleID : 52071 - Type : MALWARE-OTHER - Revision : 1

Nessus® Vulnerability Scanner

id Description
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote Fedora host is missing a security update.
File: fedora_2019-859384e002.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_546d4dd410ea11e9b407080027ef1a23.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_720590df10eb11e9b407080027ef1a23.nasl - Type: ACT_GATHER_INFO
2018-12-24 Name: The remote Debian host is missing a security update.
File: debian_DLA-1613.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: A web browser installed on the remote Windows host is affected by a use after...
File: google_chrome_71_0_3578_98.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: A web browser installed on the remote macOS host is affected by a use after f...
File: macosx_google_chrome_71_0_3578_98.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4352.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: A web browser installed on the remote Windows host is affected by multiple vu...
File: google_chrome_71_0_3578_80.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: A web browser installed on the remote macOS host is affected by multiple vuln...
File: macosx_google_chrome_71_0_3578_80.nasl - Type: ACT_GATHER_INFO