This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Google First view 2014-07-20
Product Chrome Last view 2023-09-28
Version 36.0.1985.54 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:google:chrome

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.8 2023-09-28 CVE-2023-5217

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8 2023-09-28 CVE-2023-5187

Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8 2023-09-28 CVE-2023-5186

Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)
4.3 2023-09-12 CVE-2023-4909

Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
4.3 2023-09-12 CVE-2023-4908

Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
4.3 2023-09-12 CVE-2023-4907

Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
4.3 2023-09-12 CVE-2023-4906

Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
4.3 2023-09-12 CVE-2023-4905

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
4.3 2023-09-12 CVE-2023-4904

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)
4.3 2023-09-12 CVE-2023-4903

Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
4.3 2023-09-12 CVE-2023-4902

Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
4.3 2023-09-12 CVE-2023-4901

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
4.3 2023-09-12 CVE-2023-4900

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
8.8 2023-09-12 CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
6.5 2023-09-05 CVE-2023-4764

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
8.8 2023-09-05 CVE-2023-4763

Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8 2023-09-05 CVE-2023-4762

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
8.1 2023-09-05 CVE-2023-4761

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
8.8 2023-08-29 CVE-2023-4572

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8 2023-08-25 CVE-2022-4452

Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
9.6 2023-08-25 CVE-2019-13690

Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
7.8 2023-08-25 CVE-2019-13689

Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)
8.1 2023-08-23 CVE-2023-4431

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
8.8 2023-08-23 CVE-2023-4430

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.8 2023-08-23 CVE-2023-4429

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
31% (564) CWE-416 Use After Free
18% (331) CWE-787 Out-of-bounds Write
9% (170) CWE-20 Improper Input Validation
5% (95) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4% (73) CWE-125 Out-of-bounds Read
3% (60) CWE-200 Information Exposure
3% (55) CWE-190 Integer Overflow or Wraparound
2% (49) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (39) CWE-264 Permissions, Privileges, and Access Controls
1% (35) CWE-362 Race Condition
1% (29) CWE-254 Security Features
1% (27) CWE-284 Access Control (Authorization) Issues
1% (25) CWE-346 Origin Validation Error
1% (24) CWE-276 Incorrect Default Permissions
1% (18) CWE-17 Code
0% (14) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (14) CWE-19 Data Handling
0% (13) CWE-668 Exposure of Resource to Wrong Sphere
0% (13) CWE-290 Authentication Bypass by Spoofing
0% (13) CWE-203 Information Exposure Through Discrepancy
0% (12) CWE-189 Numeric Errors
0% (10) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (9) CWE-704 Incorrect Type Conversion or Cast
0% (9) CWE-399 Resource Management Errors
0% (7) CWE-269 Improper Privilege Management

SAINT Exploits

Description Link
Google Chrome SimplifiedLowering bug More info here

Information Assurance Vulnerability Management (IAVM)

id Description
2015-B-0107 Multiple Security Vulnerabilities in Google Chrome
Severity: Category I - VMSKEY: V0061361
2015-A-0154 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0061081
2014-B-0100 Multiple Security Vulnerabilities in Google Chrome
Severity: Category I - VMSKEY: V0053311

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56438 - Type : BROWSER-CHROME - Revision : 1
2020-12-23 Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt
RuleID : 56437 - Type : BROWSER-CHROME - Revision : 1
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56133 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56132 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56131 - Type : BROWSER-CHROME - Revision : 2
2020-12-01 Google Chrome PNG in TTF parsing heap overflow attempt
RuleID : 56130 - Type : BROWSER-CHROME - Revision : 2
2020-10-27 Google Chrome AudioArray memory corruption attempt
RuleID : 55810 - Type : BROWSER-CHROME - Revision : 1
2020-10-27 Google Chrome AudioArray memory corruption attempt
RuleID : 55809 - Type : BROWSER-CHROME - Revision : 1
2020-09-02 Google Chrome blink webaudio module use after free attempt
RuleID : 54625 - Type : BROWSER-CHROME - Revision : 1
2020-09-02 Google Chrome blink webaudio module use after free attempt
RuleID : 54624 - Type : BROWSER-CHROME - Revision : 1
2020-09-02 Google Chrome ReadableStream out of bounds read attempt
RuleID : 54623 - Type : BROWSER-CHROME - Revision : 1
2020-09-02 Google Chrome ReadableStream out of bounds read attempt
RuleID : 54622 - Type : BROWSER-CHROME - Revision : 1
2020-08-11 Google Chrome Blink use-after-free attempt
RuleID : 54498 - Type : BROWSER-CHROME - Revision : 1
2020-08-11 Google Chrome Blink use-after-free attempt
RuleID : 54497 - Type : BROWSER-CHROME - Revision : 1
2020-06-11 Google Chromium for Android AddInterface use after free attempt
RuleID : 53943 - Type : BROWSER-CHROME - Revision : 1
2020-06-11 Google Chromium for Android AddInterface use after free attempt
RuleID : 53942 - Type : BROWSER-CHROME - Revision : 1
2020-06-10 Google Chromium ImageCapture use after free attempt
RuleID : 53845 - Type : BROWSER-CHROME - Revision : 1
2020-06-10 Google Chromium ImageCapture use after free attempt
RuleID : 53844 - Type : BROWSER-CHROME - Revision : 1
2020-06-04 Chromium use after free exploitation attempt
RuleID : 53836 - Type : INDICATOR-COMPROMISE - Revision : 1
2020-06-04 Chromium use after free exploitation attempt
RuleID : 53835 - Type : INDICATOR-COMPROMISE - Revision : 1
2020-05-27 Google Chrome ObjectCreate type confusion attempt
RuleID : 53754 - Type : BROWSER-CHROME - Revision : 1
2020-05-27 Google Chrome ObjectCreate type confusion attempt
RuleID : 53753 - Type : BROWSER-CHROME - Revision : 1
2020-05-27 Google Chrome ObjectCreate type confusion attempt
RuleID : 53752 - Type : BROWSER-CHROME - Revision : 1
2020-05-27 Google Chrome ObjectCreate type confusion attempt
RuleID : 53751 - Type : BROWSER-CHROME - Revision : 1
2020-05-05 Google Chrome desktopMediaPickerController use after free attempt
RuleID : 53534 - Type : BROWSER-CHROME - Revision : 1

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-348547a32d.nasl - Type: ACT_GATHER_INFO
2019-01-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2019-1007.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote Fedora host is missing a security update.
File: fedora_2019-859384e002.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_546d4dd410ea11e9b407080027ef1a23.nasl - Type: ACT_GATHER_INFO
2019-01-07 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_720590df10eb11e9b407080027ef1a23.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-13d8c35127.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-34f7f68029.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-39be36e9fc.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-499f2dbc96.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7c80aaef26.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-8e866c5066.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-94e1bc8c23.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-aafdbb5554.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-b844991a97.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f76e6d17f1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-fd194a1f14.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1446.nasl - Type: ACT_GATHER_INFO
2018-12-27 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3831.nasl - Type: ACT_GATHER_INFO
2018-12-27 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3833.nasl - Type: ACT_GATHER_INFO
2018-12-24 Name: The remote Debian host is missing a security update.
File: debian_DLA-1613.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-1605.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: A web browser installed on the remote Windows host is affected by a use after...
File: google_chrome_71_0_3578_98.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: A web browser installed on the remote macOS host is affected by a use after f...
File: macosx_google_chrome_71_0_3578_98.nasl - Type: ACT_GATHER_INFO
2018-12-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4354.nasl - Type: ACT_GATHER_INFO
2018-12-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_d10b49b28d0249e8afde0844626317af.nasl - Type: ACT_GATHER_INFO