Summary
| Detail | |||
|---|---|---|---|
| Vendor | First view | 2019-06-27 | |
| Product | Chrome | Last view | 2025-06-11 |
| Version | 74.0.3729.131 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:google:chrome | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 0 | 2025-06-11 | CVE-2025-5959 | Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-06-11 | CVE-2025-5958 | Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-06-03 | CVE-2025-5419 | Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-06-03 | CVE-2025-5068 | Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-05-27 | CVE-2025-5283 | Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-05-27 | CVE-2025-5281 | Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-05-27 | CVE-2025-5280 | Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-05-27 | CVE-2025-5067 | Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| 0 | 2025-05-27 | CVE-2025-5066 | Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-05-27 | CVE-2025-5065 | Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-05-27 | CVE-2025-5064 | Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-05-27 | CVE-2025-5063 | Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 4.3 | 2025-05-14 | CVE-2025-4664 | Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-05-06 | CVE-2025-4372 | Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-05-05 | CVE-2025-4096 | Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-05-05 | CVE-2025-4052 | Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) |
| 0 | 2025-05-05 | CVE-2025-4051 | Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-05-05 | CVE-2025-4050 | Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| 0 | 2025-04-16 | CVE-2025-3620 | Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| 0 | 2025-04-16 | CVE-2025-3619 | Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |
| 0 | 2025-04-02 | CVE-2025-3074 | Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| 0 | 2025-04-02 | CVE-2025-3073 | Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| 0 | 2025-04-02 | CVE-2025-3072 | Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| 0 | 2025-04-02 | CVE-2025-3071 | Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) |
| 0 | 2025-04-02 | CVE-2025-3070 | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 47% (583) | CWE-416 | Use After Free |
| 24% (297) | CWE-787 | Out-of-bounds Write |
| 4% (49) | CWE-125 | Out-of-bounds Read |
| 3% (48) | CWE-20 | Improper Input Validation |
| 2% (27) | CWE-346 | Origin Validation Error |
| 1% (24) | CWE-362 | Race Condition |
| 1% (23) | CWE-276 | Incorrect Default Permissions |
| 1% (22) | CWE-190 | Integer Overflow or Wraparound |
| 1% (19) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 1% (13) | CWE-290 | Authentication Bypass by Spoofing |
| 0% (12) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 0% (11) | CWE-203 | Information Exposure Through Discrepancy |
| 0% (10) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 0% (7) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 0% (7) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 0% (6) | CWE-345 | Insufficient Verification of Data Authenticity |
| 0% (6) | CWE-200 | Information Exposure |
| 0% (6) | CWE-122 | Heap-based Buffer Overflow |
| 0% (5) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
| 0% (4) | CWE-281 | Improper Preservation of Permissions |
| 0% (4) | CWE-269 | Improper Privilege Management |
| 0% (3) | CWE-755 | Improper Handling of Exceptional Conditions |
| 0% (3) | CWE-209 | Information Exposure Through an Error Message |
| 0% (3) | CWE-116 | Improper Encoding or Escaping of Output |
| 0% (2) | CWE-665 | Improper Initialization |
SAINT Exploits
| Description | Link |
|---|---|
| Google Chrome SimplifiedLowering bug | More info here |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-12-23 | Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt RuleID : 56438 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-12-23 | Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt RuleID : 56437 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56133 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56132 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56131 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-12-01 | Google Chrome PNG in TTF parsing heap overflow attempt RuleID : 56130 - Type : BROWSER-CHROME - Revision : 2 |
| 2020-10-27 | Google Chrome AudioArray memory corruption attempt RuleID : 55810 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-10-27 | Google Chrome AudioArray memory corruption attempt RuleID : 55809 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-09-02 | Google Chrome blink webaudio module use after free attempt RuleID : 54625 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-09-02 | Google Chrome blink webaudio module use after free attempt RuleID : 54624 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-09-02 | Google Chrome ReadableStream out of bounds read attempt RuleID : 54623 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-09-02 | Google Chrome ReadableStream out of bounds read attempt RuleID : 54622 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-08-11 | Google Chrome Blink use-after-free attempt RuleID : 54498 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-08-11 | Google Chrome Blink use-after-free attempt RuleID : 54497 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-11 | Google Chromium for Android AddInterface use after free attempt RuleID : 53943 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-11 | Google Chromium for Android AddInterface use after free attempt RuleID : 53942 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-10 | Google Chromium ImageCapture use after free attempt RuleID : 53845 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-10 | Google Chromium ImageCapture use after free attempt RuleID : 53844 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-06-04 | Chromium use after free exploitation attempt RuleID : 53836 - Type : INDICATOR-COMPROMISE - Revision : 1 |
| 2020-06-04 | Chromium use after free exploitation attempt RuleID : 53835 - Type : INDICATOR-COMPROMISE - Revision : 1 |
| 2020-05-05 | Google Chrome desktopMediaPickerController use after free attempt RuleID : 53534 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-05-05 | Google Chrome desktopMediaPickerController use after free attempt RuleID : 53533 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-03-31 | Google Chrome V8 Turbofan Array pop type confusion attempt RuleID : 53343 - Type : BROWSER-CHROME - Revision : 1 |
| 2020-03-31 | Google Chrome V8 Turbofan Array pop type confusion attempt RuleID : 53342 - Type : BROWSER-CHROME - Revision : 1 |
| 2019-12-05 | known malicious browser profiler script download attempt RuleID : 52071 - Type : MALWARE-OTHER - Revision : 1 |
