Google Vulnerabilities
| CVE ID | CVSS | Exploit | Patch | Trends |
|---|---|---|---|---|
CVE-2024-9991This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the vulnerable device.
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Wi-Fi network to which vulnerable device is connected. | CVSS Low | - | - |  |
CVE-2024-9966Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | CVSS 5.3 | - | Patched |  |
CVE-2024-9965Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | CVSS 8.8 | - | Patched |  |
CVE-2024-9964Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | CVSS 4.3 | - | Patched |  |
CVE-2024-9963Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | CVSS 4.3 | - | Patched |  |
CVE-2024-9962Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | CVSS 4.3 | - | Patched |  |
CVE-2024-9961Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | CVSS 8.8 | - | Patched |  |
CVE-2024-9960Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | CVSS 8.8 | - | Patched |  |
CVE-2024-9959Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | CVSS 8.8 | - | Patched |  |
CVE-2024-9958Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | CVSS 4.3 | - | Patched |  |
CVE-2024-9957Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | CVSS 8.8 | - | Patched |  |
CVE-2024-9956Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | CVSS 7.8 | - | Patched |  |
CVE-2024-9955Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | CVSS 8.8 | - | Patched |  |
CVE-2024-9954Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-9859Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | - |  |
CVE-2024-9603Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-9602Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-9370<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024%C2%A0">Google Chrome Releases</a> for more information.</p>
| CVSS HIGH | - | Patched |  |
CVE-2024-9369<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024%C2%A0">Google Chrome Releases</a> for more information.</p>
| CVSS MEDIUM | - | Patched |  |
CVE-2024-9123Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | CVSS 7.1 | - | Patched |  |
CVE-2024-9122Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-9121Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-9120Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-8909Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | CVSS 4.3 | - | Patched |  |
CVE-2024-8908Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | CVSS 4.3 | - | Patched |  |
CVE-2024-8907Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium) | CVSS 6.1 | - | Patched |  |
CVE-2024-8906Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | CVSS 4.3 | - | Patched |  |
CVE-2024-8905Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium) | CVSS 8.8 | - | Patched |  |
CVE-2024-8904Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-8639[Severity: High]
Use after free in Autofill. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-08-28
Google Chrome update, version 128.0.6613.137 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-8638[Severity: High]
Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-08-28
Google Chrome update, version 128.0.6613.137 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-8637[Severity: High]
Use after free in Media Router. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-08-23
Google Chrome update, version 128.0.6613.137 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-8636[Severity: High]
Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100) on 2024-08-22
Google Chrome update, version 128.0.6613.137 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-8362[Severity: High]
Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564) on 2024-08-05
Google Chrome update, version 128.0.6613.119 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-8198Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-8194Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-8193Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-8035Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | CVSS 4.3 | - | Patched |  |
CVE-2024-8034Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | CVSS 4.3 | - | Patched |  |
CVE-2024-8033Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | CVSS 4.3 | - | Patched |  |
CVE-2024-7981Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | CVSS 4.3 | - | Patched |  |
CVE-2024-7980Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) | CVSS 7.8 | - | Patched |  |
CVE-2024-7979Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) | CVSS 7.8 | - | Patched |  |
CVE-2024-7978Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | CVSS 4.3 | - | Patched |  |
CVE-2024-7977Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | CVSS 7.8 | - | Patched |  |
CVE-2024-7976Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | CVSS 4.3 | - | Patched |  |
CVE-2024-7975Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | CVSS 4.3 | - | Patched |  |
CVE-2024-7974Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | CVSS 8.8 | - | Patched |  |
CVE-2024-7973Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium) | CVSS 8.8 | - | Patched |  |
CVE-2024-7972Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | CVSS 8.8 | - | Patched |  |
CVE-2024-7971Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | Exploit | Patched |  |
CVE-2024-7970[Severity: High]
Out of bounds write in V8. Reported by Cassidy Kim(@cassidy6564) on 2024-08-09
Google Chrome update, version 128.0.6613.119 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-7969Type Confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-7968Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-7967Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-7966Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-7965Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | Exploit | Patched |  |
CVE-2024-7964Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-7550[Severity: High]
Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-07-25
Google Chrome update, version 127.0.6533.99 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-7536[Severity: High]
Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564) on 2024-07-23
Google Chrome update, version 127.0.6533.99 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-7535[Severity: High]
Inappropriate implementation in V8. Reported by Tashita Software Security on 2024-07-12
Google Chrome update, version 127.0.6533.99 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-7534[Severity: High]
Heap buffer overflow in Layout. Reported by Tashita Software Security on 2024-07-11
Google Chrome update, version 127.0.6533.99 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-7533[Severity: High]
Use after free in Sharing. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-07-17
Google Chrome update, version 127.0.6533.99 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-7532[Severity: Critical]
Out of bounds memory access in ANGLE. Reported by wgslfuzz on 2024-07-02
Google Chrome update, version 127.0.6533.99 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-7256[Severity: High]
Insufficient data validation in Dawn. Reported by gelatin dessert on 2024-07-23
Google Chrome update, version 127.0.6533.88 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-7255[Severity: High]
Out of bounds read in WebTransport. Reported by Marten Richter on 2024-07-13
Google Chrome update, version 127.0.6533.88 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-7254Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker. | CVSS MEDIUM | Exploit | Patched |  |
CVE-2024-7025<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024%C2%A0">Google Chrome Releases</a> for more information.</p>
| CVSS HIGH | - | Patched |  |
CVE-2024-7024Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | CVSS 9.3 | - | - |  |
CVE-2024-7023Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | CVSS 8 | - | - |  |
CVE-2024-7022Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | CVSS 8.8 | - | - |  |
CVE-2024-7020Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | CVSS 4.3 | - | - |  |
CVE-2024-7019Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | CVSS 4.3 | - | - |  |
CVE-2024-7018Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | CVSS 8.8 | - | - |  |
CVE-2024-7005[Severity: Low]
Insufficient validation of untrusted input in Safe Browsing. Reported by Umar Farooq on 2023-08-04
Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS 4.3 | - | Patched |  |
CVE-2024-7004[Severity: Low]
Insufficient validation of untrusted input in Safe Browsing. Reported by Anonymous on 2023-02-10
Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS 4.3 | - | Patched |  |
CVE-2024-7003[Severity: Low]
Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-01
Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS 4.3 | - | Patched |  |
CVE-2024-7001[Severity: Medium]
Inappropriate implementation in HTML. Reported by Jake Archibald on 2024-06-17
Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS 4.3 | - | Patched |  |
CVE-2024-7000Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | CVSS 8.8 | - | Patched |  |
CVE-2024-6999[Severity: Medium]
Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-15
Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS 4.3 | - | Patched |  |
CVE-2024-6998[Severity: Medium]
Use after free in User Education. Reported by Sven Dysthe (@svn-dys) on 2024-05-13
Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-6997[Severity: Medium]
Use after free in Tabs. Reported by Sven Dysthe (@svn-dys) on 2024-02-15
Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-6996[Severity: Medium]
Race in Frames. Reported by Louis Jannett (Ruhr University Bochum) on 2024-04-10
Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS 3.1 | - | Patched |  |
CVE-2024-6995Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | CVSS 4.7 | - | Patched |  |
CVE-2024-6994[Severity: Medium]
Heap buffer overflow in Layout. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2024-05-10
Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-6993[Severity: High]
Inappropriate implementation in Canvas. Reported by Anonymous on 2024-06-30
Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS HIGH | - | Patched |  |
CVE-2024-6992[Severity: High]
Out of bounds memory access in ANGLE. Reported by Xiantong Hou of Wuheng Lab and Pisanbao on 2024-06-27
Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS HIGH | - | Patched |  |
CVE-2024-6991[Severity: High]
Use after free in Dawn. Reported by wgslfuzz on 2024-06-12
Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-6990[Severity: Critical]
Uninitialized Use in Dawn. Reported by gelatin dessert on 2024-07-15
Google Chrome update, version 127.0.6533.88 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-6989[Severity: High]
Use after free in Loader. Reported by Anonymous on 2024-06-25
Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-6988[Severity: High]
Use after free in Downloads. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-25
Google Chrome update, version 127.0.6533.72 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-6779[Severity: High]
Out of bounds memory access in V8. Reported by Seunghyun Lee (@0x10n) on 2024-07-06
Google Chrome update, version 126.0.6478.182 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-6778Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High) | CVSS 8.8 | Exploit | Patched |  |
CVE-2024-6777[Severity: High]
Use after free in Navigation. Reported by Sven Dysthe (@svn-dys) on 2024-06-07
Google Chrome update, version 126.0.6478.182 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-6776[Severity: High]
Use after free in Audio. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-12
Google Chrome update, version 126.0.6478.182 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-6775Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 8.8 | - | Patched |  |
CVE-2024-6774[Severity: High]
Use after free in Screen Capture. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-13
Google Chrome update, version 126.0.6478.182 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-6773[Severity: High]
Type Confusion in V8. Reported by 2ourc3 | Salim Largo on 2024-06-17
Google Chrome update, version 126.0.6478.182 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-6772[Severity: High]
Inappropriate implementation in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-06-12
Google Chrome update, version 126.0.6478.182 fixes the following vulnerabilities. | CVSS 8.8 | - | Patched |  |
CVE-2024-6293Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CVSS 7.5 | - | Patched |  |