{"cves":[{"cve_id":"CVE-2026-6361","summary":"Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)","cvss":7.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.2,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01686,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/500036290"],"published_time":"2026-04-15T20:16:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6362","summary":"Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15637,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/500066234"],"published_time":"2026-04-15T20:16:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6363","summary":"Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.19809,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/495751197"],"published_time":"2026-04-15T20:16:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6364","summary":"Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07056,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/502103414"],"published_time":"2026-04-15T20:16:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6318","summary":"Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.3218,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/495996858"],"published_time":"2026-04-15T20:16:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6319","summary":"Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.3218,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/499018889"],"published_time":"2026-04-15T20:16:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6358","summary":"Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.29093,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/497724498"],"published_time":"2026-04-15T20:16:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6359","summary":"Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19503,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/490251701"],"published_time":"2026-04-15T20:16:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6360","summary":"Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05834,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/497880137"],"published_time":"2026-04-15T20:16:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6313","summary":"Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)","cvss":3.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.1,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.00886,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/498765210"],"published_time":"2026-04-15T20:16:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6314","summary":"Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":8.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.3,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07258,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/498782145"],"published_time":"2026-04-15T20:16:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6315","summary":"Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29282,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/499247910"],"published_time":"2026-04-15T20:16:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6316","summary":"Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.3218,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/499384399"],"published_time":"2026-04-15T20:16:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6317","summary":"Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.3218,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/500091052"],"published_time":"2026-04-15T20:16:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6308","summary":"Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26209,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/497412658"],"published_time":"2026-04-15T20:16:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6309","summary":"Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":8.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.3,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.1042,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/497846428"],"published_time":"2026-04-15T20:16:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6310","summary":"Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":8.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.3,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.1042,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/497969820"],"published_time":"2026-04-15T20:16:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6311","summary":"Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":8.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07413,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/498201025"],"published_time":"2026-04-15T20:16:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6312","summary":"Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)","cvss":3.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.1,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.00848,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/498269651"],"published_time":"2026-04-15T20:16:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6301","summary":"Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09433,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/495273999"],"published_time":"2026-04-15T20:16:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6302","summary":"Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/495477995"],"published_time":"2026-04-15T20:16:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6303","summary":"Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.3218,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/496282147"],"published_time":"2026-04-15T20:16:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6304","summary":"Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":8.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.3,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.1042,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/496393742"],"published_time":"2026-04-15T20:16:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6305","summary":"Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08135,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/496618639"],"published_time":"2026-04-15T20:16:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6306","summary":"Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00084,"ranking_epss":0.24477,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/496907110"],"published_time":"2026-04-15T20:16:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6307","summary":"Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09433,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/497404188"],"published_time":"2026-04-15T20:16:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6296","summary":"Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/490170083"],"published_time":"2026-04-15T20:16:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6297","summary":"Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.3,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01076,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/493628982"],"published_time":"2026-04-15T20:16:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6298","summary":"Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.00924,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/495700484"],"published_time":"2026-04-15T20:16:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6299","summary":"Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/497053588"],"published_time":"2026-04-15T20:16:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-6300","summary":"Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/491994185"],"published_time":"2026-04-15T20:16:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5911","summary":"Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09657,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/485785246"],"published_time":"2026-04-08T22:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5912","summary":"Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/486498791"],"published_time":"2026-04-08T22:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5913","summary":"Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24869,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/487195286"],"published_time":"2026-04-08T22:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5914","summary":"Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06208,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/490023239"],"published_time":"2026-04-08T22:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5915","summary":"Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27673,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/494341335"],"published_time":"2026-04-08T22:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5918","summary":"Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03407,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/490139441"],"published_time":"2026-04-08T22:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5919","summary":"Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/483423893"],"published_time":"2026-04-08T22:16:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5902","summary":"Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26618,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/483109205"],"published_time":"2026-04-08T22:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5903","summary":"Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08875,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/483771899"],"published_time":"2026-04-08T22:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5904","summary":"Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/483851888"],"published_time":"2026-04-08T22:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5905","summary":"Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05764,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/483899628"],"published_time":"2026-04-08T22:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5906","summary":"Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07941,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/484082189"],"published_time":"2026-04-08T22:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5907","summary":"Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24869,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/484665123"],"published_time":"2026-04-08T22:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5908","summary":"Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24869,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/485115554"],"published_time":"2026-04-08T22:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5909","summary":"Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24869,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/485203821"],"published_time":"2026-04-08T22:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5910","summary":"Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24869,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/485212874"],"published_time":"2026-04-08T22:16:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5892","summary":"Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07786,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/487568011"],"published_time":"2026-04-08T22:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5893","summary":"Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08353,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/487768771"],"published_time":"2026-04-08T22:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5894","summary":"Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05562,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/481882038"],"published_time":"2026-04-08T22:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5895","summary":"Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20794,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/374285495"],"published_time":"2026-04-08T22:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5896","summary":"Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08412,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40064543"],"published_time":"2026-04-08T22:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5897","summary":"Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/419921726"],"published_time":"2026-04-08T22:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5898","summary":"Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/470295118"],"published_time":"2026-04-08T22:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5899","summary":"Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.02832,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/474817168"],"published_time":"2026-04-08T22:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5900","summary":"Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08875,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/475265304"],"published_time":"2026-04-08T22:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5901","summary":"Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05513,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/479673903"],"published_time":"2026-04-08T22:16:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5884","summary":"Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/484547633"],"published_time":"2026-04-08T22:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5885","summary":"Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13251,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/485203823"],"published_time":"2026-04-08T22:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5886","summary":"Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08505,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/485397283"],"published_time":"2026-04-08T22:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5887","summary":"Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10152,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/486079015"],"published_time":"2026-04-08T22:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5888","summary":"Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/486506202"],"published_time":"2026-04-08T22:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5889","summary":"Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":6e-05,"ranking_epss":0.00426,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/486906037"],"published_time":"2026-04-08T22:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5890","summary":"Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/487259772"],"published_time":"2026-04-08T22:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5891","summary":"Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/487471101"],"published_time":"2026-04-08T22:16:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5874","summary":"Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30618,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/485397279"],"published_time":"2026-04-08T22:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5875","summary":"Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06915,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/430198264"],"published_time":"2026-04-08T22:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5876","summary":"Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.1026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/41485206"],"published_time":"2026-04-08T22:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5877","summary":"Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00139,"ranking_epss":0.34012,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/333024273"],"published_time":"2026-04-08T22:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5878","summary":"Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07941,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/365089001"],"published_time":"2026-04-08T22:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5879","summary":"Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40073848"],"published_time":"2026-04-08T22:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5880","summary":"Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07185,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/424995036"],"published_time":"2026-04-08T22:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5881","summary":"Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06915,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/454162508"],"published_time":"2026-04-08T22:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5882","summary":"Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07941,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/480993682"],"published_time":"2026-04-08T22:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5883","summary":"Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00129,"ranking_epss":0.32341,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/482958590"],"published_time":"2026-04-08T22:16:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5865","summary":"Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00104,"ranking_epss":0.283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/491884710"],"published_time":"2026-04-08T22:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5866","summary":"Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00139,"ranking_epss":0.34012,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/492218537"],"published_time":"2026-04-08T22:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5867","summary":"Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08116,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/492668885"],"published_time":"2026-04-08T22:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5868","summary":"Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00091,"ranking_epss":0.25658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/493256564"],"published_time":"2026-04-08T22:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5869","summary":"Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08116,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/493708165"],"published_time":"2026-04-08T22:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5870","summary":"Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00102,"ranking_epss":0.28022,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/495534710"],"published_time":"2026-04-08T22:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5871","summary":"Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00104,"ranking_epss":0.283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/495679730"],"published_time":"2026-04-08T22:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5872","summary":"Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00139,"ranking_epss":0.34012,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/496281816"],"published_time":"2026-04-08T22:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5873","summary":"Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00102,"ranking_epss":0.28022,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/496301615"],"published_time":"2026-04-08T22:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5858","summary":"Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.2378,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/493319454"],"published_time":"2026-04-08T22:16:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5859","summary":"Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23545,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/494158331"],"published_time":"2026-04-08T22:16:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5860","summary":"Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.31419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/486495143"],"published_time":"2026-04-08T22:16:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5861","summary":"Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00139,"ranking_epss":0.34012,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/486927780"],"published_time":"2026-04-08T22:16:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5862","summary":"Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00102,"ranking_epss":0.28022,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/470566252"],"published_time":"2026-04-08T22:16:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5863","summary":"Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00102,"ranking_epss":0.28022,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/484527367"],"published_time":"2026-04-08T22:16:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5864","summary":"Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08116,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/490642831"],"published_time":"2026-04-08T22:16:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5286","summary":"Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23713,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/493900619"],"published_time":"2026-04-01T05:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5287","summary":"Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23713,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/494644471"],"published_time":"2026-04-01T05:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5288","summary":"Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.1948,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/495507390"],"published_time":"2026-04-01T05:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5289","summary":"Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20966,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/495931147"],"published_time":"2026-04-01T05:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5290","summary":"Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20966,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/496205576"],"published_time":"2026-04-01T05:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5291","summary":"Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07048,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/490118036"],"published_time":"2026-04-01T05:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5292","summary":"Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.1948,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/492213293"],"published_time":"2026-04-01T05:16:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5278","summary":"Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21757,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/490254128"],"published_time":"2026-04-01T05:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5279","summary":"Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23713,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/490642836"],"published_time":"2026-04-01T05:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5280","summary":"Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21757,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/491515787"],"published_time":"2026-04-01T05:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5281","summary":"Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03278,"ranking_epss":0.87196,"kev":true,"propose_action":"Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/491518608","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-5281"],"published_time":"2026-04-01T05:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5282","summary":"Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.1948,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/491655161"],"published_time":"2026-04-01T05:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5283","summary":"Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02506,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/492131521"],"published_time":"2026-04-01T05:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5284","summary":"Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23713,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/492139412"],"published_time":"2026-04-01T05:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5285","summary":"Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00071,"ranking_epss":0.21757,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/492228019"],"published_time":"2026-04-01T05:16:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5272","summary":"Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06762,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/491732188"],"published_time":"2026-04-01T05:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5273","summary":"Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.2013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/493952652"],"published_time":"2026-04-01T05:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5274","summary":"Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20966,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/488596746"],"published_time":"2026-04-01T05:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5275","summary":"Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.21904,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/489494022"],"published_time":"2026-04-01T05:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5276","summary":"Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.1367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/489711638"],"published_time":"2026-04-01T05:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-5277","summary":"Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24736,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/489791424"],"published_time":"2026-04-01T05:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4675","summary":"Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22106,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/488270257"],"published_time":"2026-03-24T01:17:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4676","summary":"Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30618,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/488613135"],"published_time":"2026-03-24T01:17:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4677","summary":"Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23545,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/490533968"],"published_time":"2026-03-24T01:17:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4678","summary":"Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.31419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/491164019"],"published_time":"2026-03-24T01:17:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4679","summary":"Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.29154,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/491516670"],"published_time":"2026-03-24T01:17:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4680","summary":"Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00139,"ranking_epss":0.34012,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/491869946"],"published_time":"2026-03-24T01:17:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4673","summary":"Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00092,"ranking_epss":0.25747,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/485397284"],"published_time":"2026-03-24T01:17:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4674","summary":"Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.24869,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/488188166"],"published_time":"2026-03-24T01:17:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4458","summary":"Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/489619753"],"published_time":"2026-03-20T02:16:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4459","summary":"Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22431,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/490246422"],"published_time":"2026-03-20T02:16:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4460","summary":"Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/490254124"],"published_time":"2026-03-20T02:16:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4461","summary":"Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/490558172"],"published_time":"2026-03-20T02:16:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4462","summary":"Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/491080830"],"published_time":"2026-03-20T02:16:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4463","summary":"Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20875,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/491358681"],"published_time":"2026-03-20T02:16:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4464","summary":"Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/487208468"],"published_time":"2026-03-20T02:16:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4451","summary":"Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00116,"ranking_epss":0.30315,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/487768779"],"published_time":"2026-03-20T02:16:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4452","summary":"Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/487977696"],"published_time":"2026-03-20T02:16:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4453","summary":"Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08205,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/488400770"],"published_time":"2026-03-20T02:16:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4454","summary":"Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.29228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/488585488"],"published_time":"2026-03-20T02:16:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4455","summary":"Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/488585504"],"published_time":"2026-03-20T02:16:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4456","summary":"Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.29228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/488617440"],"published_time":"2026-03-20T02:16:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4457","summary":"Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00082,"ranking_epss":0.23984,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/488803413"],"published_time":"2026-03-20T02:16:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4444","summary":"Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20875,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/486349161"],"published_time":"2026-03-20T02:16:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4445","summary":"Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27756,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/486421953"],"published_time":"2026-03-20T02:16:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4446","summary":"Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27756,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/486421954"],"published_time":"2026-03-20T02:16:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4447","summary":"Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26347,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/486657483"],"published_time":"2026-03-20T02:16:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4448","summary":"Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/486972661"],"published_time":"2026-03-20T02:16:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4449","summary":"Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.29228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/487117772"],"published_time":"2026-03-20T02:16:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4450","summary":"Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27869,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/487746373"],"published_time":"2026-03-20T02:16:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4439","summary":"Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22431,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/475877320"],"published_time":"2026-03-20T02:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4440","summary":"Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22431,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/485935305"],"published_time":"2026-03-20T02:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4441","summary":"Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.29228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/489381399"],"published_time":"2026-03-20T02:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4442","summary":"Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/484751092"],"published_time":"2026-03-20T02:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-4443","summary":"Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/485292589"],"published_time":"2026-03-20T02:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3909","summary":"Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00288,"ranking_epss":0.52319,"kev":true,"propose_action":"Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_13.html","https://issues.chromium.org/issues/491421267","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3909"],"published_time":"2026-03-13T19:55:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3910","summary":"Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00665,"ranking_epss":0.71267,"kev":true,"propose_action":"Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/491410818","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3910"],"published_time":"2026-03-13T19:55:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3934","summary":"Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/478783560"],"published_time":"2026-03-11T22:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3935","summary":"Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07968,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/479326680"],"published_time":"2026-03-11T22:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3936","summary":"Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/481920229"],"published_time":"2026-03-11T22:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3937","summary":"Incorrect security UI in Downloads in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/473118648"],"published_time":"2026-03-11T22:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3938","summary":"Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/474763968"],"published_time":"2026-03-11T22:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3939","summary":"Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/40058077"],"published_time":"2026-03-11T22:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3940","summary":"Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/470574526"],"published_time":"2026-03-11T22:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3941","summary":"Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.10814,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/474670215"],"published_time":"2026-03-11T22:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3942","summary":"Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/475238879"],"published_time":"2026-03-11T22:16:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3925","summary":"Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07195,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/418214610"],"published_time":"2026-03-11T22:16:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3926","summary":"Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26219,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/478659010"],"published_time":"2026-03-11T22:16:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3927","summary":"Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/474948986"],"published_time":"2026-03-11T22:16:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3928","summary":"Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03549,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/435980394"],"published_time":"2026-03-11T22:16:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3929","summary":"Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)","cvss":3.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.1,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09951,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/477180001"],"published_time":"2026-03-11T22:16:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3930","summary":"Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/476898368"],"published_time":"2026-03-11T22:16:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3931","summary":"Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2482,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/417599694"],"published_time":"2026-03-11T22:16:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3932","summary":"Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/478296121"],"published_time":"2026-03-11T22:16:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3917","summary":"Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32184,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/483569512"],"published_time":"2026-03-11T22:16:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3918","summary":"Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/483853103"],"published_time":"2026-03-11T22:16:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3919","summary":"Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09955,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/444176961"],"published_time":"2026-03-11T22:16:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3920","summary":"Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.24923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/482875307"],"published_time":"2026-03-11T22:16:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3921","summary":"Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32184,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/484946544"],"published_time":"2026-03-11T22:16:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3922","summary":"Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32184,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/485397139"],"published_time":"2026-03-11T22:16:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3923","summary":"Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/485935314"],"published_time":"2026-03-11T22:16:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3924","summary":"use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32184,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/487338366"],"published_time":"2026-03-11T22:16:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3913","summary":"Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23482,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/483445078"],"published_time":"2026-03-11T22:16:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3914","summary":"Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.24923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/481776048"],"published_time":"2026-03-11T22:16:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3915","summary":"Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23482,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/483971526"],"published_time":"2026-03-11T22:16:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3916","summary":"Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.24923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/482828615"],"published_time":"2026-03-11T22:16:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3540","summary":"Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23782,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/484088917"],"published_time":"2026-03-04T20:16:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3541","summary":"Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24627,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/484811719"],"published_time":"2026-03-04T20:16:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3542","summary":"Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/485152421"],"published_time":"2026-03-04T20:16:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3543","summary":"Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24627,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/485267831"],"published_time":"2026-03-04T20:16:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3544","summary":"Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.25974,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/485683110"],"published_time":"2026-03-04T20:16:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3545","summary":"Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.3202,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/487383169"],"published_time":"2026-03-04T20:16:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3536","summary":"Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.25063,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/485622239"],"published_time":"2026-03-04T20:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3537","summary":"Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.25289,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/474266014"],"published_time":"2026-03-04T20:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3538","summary":"Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.25063,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/484983991"],"published_time":"2026-03-04T20:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3539","summary":"Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.008,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/483853098"],"published_time":"2026-03-04T20:16:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3063","summary":"Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. (Chromium security severity: High)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":6e-05,"ranking_epss":0.00402,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/485287859"],"published_time":"2026-02-23T23:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3061","summary":"Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.0851,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/482862710"],"published_time":"2026-02-23T23:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-3062","summary":"Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.0851,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/483751167"],"published_time":"2026-02-23T23:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2648","summary":"Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10108,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/477033835"],"published_time":"2026-02-18T22:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2649","summary":"Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09315,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/481074858"],"published_time":"2026-02-18T22:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2650","summary":"Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07725,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/476461867"],"published_time":"2026-02-18T22:16:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2441","summary":"Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00354,"ranking_epss":0.57801,"kev":true,"propose_action":"Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html","https://issues.chromium.org/issues/483569511","https://github.com/huseyinstif/CVE-2026-2441-PoC/blob/main/poc.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-2441"],"published_time":"2026-02-13T19:17:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2319","summary":"Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07872,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/40071155"],"published_time":"2026-02-11T19:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2320","summary":"Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/435684924"],"published_time":"2026-02-11T19:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2321","summary":"Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32184,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/461877477"],"published_time":"2026-02-11T19:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2322","summary":"Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05741,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/470928605"],"published_time":"2026-02-11T19:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2323","summary":"Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/467442136"],"published_time":"2026-02-11T19:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2313","summary":"Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0007,"ranking_epss":0.21488,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/467297219"],"published_time":"2026-02-11T19:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2314","summary":"Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14475,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/478560268"],"published_time":"2026-02-11T19:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2315","summary":"Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09067,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/479242793"],"published_time":"2026-02-11T19:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2316","summary":"Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08001,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/422531206"],"published_time":"2026-02-11T19:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2317","summary":"Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04422,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/464173573"],"published_time":"2026-02-11T19:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-2318","summary":"Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/363930141"],"published_time":"2026-02-11T19:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-1861","summary":"Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09978,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/478942410"],"published_time":"2026-02-03T21:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-1862","summary":"Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19236,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/479726070","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-1862"],"published_time":"2026-02-03T21:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-1504","summary":"Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.1343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_27.html","https://issues.chromium.org/issues/474435504"],"published_time":"2026-01-27T21:16:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0906","summary":"Incorrect security UI  in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31948,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html","https://issues.chromium.org/issues/467448811"],"published_time":"2026-01-20T05:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0907","summary":"Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31948,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html","https://issues.chromium.org/issues/444653104"],"published_time":"2026-01-20T05:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0908","summary":"Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14474,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html","https://issues.chromium.org/issues/452209503"],"published_time":"2026-01-20T05:16:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0901","summary":"Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html","https://issues.chromium.org/issues/40057499"],"published_time":"2026-01-20T05:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0902","summary":"Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html","https://issues.chromium.org/issues/469143679"],"published_time":"2026-01-20T05:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0903","summary":"Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html","https://issues.chromium.org/issues/444803530"],"published_time":"2026-01-20T05:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0904","summary":"Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html","https://issues.chromium.org/issues/452209495"],"published_time":"2026-01-20T05:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0905","summary":"Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09282,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html","https://issues.chromium.org/issues/465466773"],"published_time":"2026-01-20T05:16:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0900","summary":"Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html","https://issues.chromium.org/issues/465730465"],"published_time":"2026-01-20T05:16:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0899","summary":"Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html","https://issues.chromium.org/issues/458914193"],"published_time":"2026-01-20T05:16:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2026-0628","summary":"Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/463155954"],"published_time":"2026-01-07T12:17:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-14765","summary":"Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0018,"ranking_epss":0.39629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/448294721"],"published_time":"2025-12-16T23:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-14766","summary":"Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00144,"ranking_epss":0.34703,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/466786677"],"published_time":"2025-12-16T23:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-14373","summary":"Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/461532432"],"published_time":"2025-12-12T20:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-14174","summary":"Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01047,"ranking_epss":0.77536,"kev":true,"propose_action":"Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/466192044","https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174"],"published_time":"2025-12-12T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-14372","summary":"Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20622,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/460599518"],"published_time":"2025-12-12T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13992","summary":"Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.11522,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40095391"],"published_time":"2025-12-03T19:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13634","summary":"Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.00811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/429140219"],"published_time":"2025-12-02T19:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13635","summary":"Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01115,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/405727341"],"published_time":"2025-12-02T19:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13636","summary":"Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.317,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/446181124"],"published_time":"2025-12-02T19:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13637","summary":"Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/392375329"],"published_time":"2025-12-02T19:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13638","summary":"Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00196,"ranking_epss":0.41522,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/448046109"],"published_time":"2025-12-02T19:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13639","summary":"Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16765,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/448408148"],"published_time":"2025-12-02T19:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13640","summary":"Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low)","cvss":3.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.5,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.0525,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/452071826"],"published_time":"2025-12-02T19:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13720","summary":"Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00146,"ranking_epss":0.3502,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/457818670"],"published_time":"2025-12-02T19:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13721","summary":"Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00111,"ranking_epss":0.29552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/355120682"],"published_time":"2025-12-02T19:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13631","summary":"Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00144,"ranking_epss":0.34703,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/448113221"],"published_time":"2025-12-02T19:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13632","summary":"Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: High)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08752,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/439058242"],"published_time":"2025-12-02T19:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13633","summary":"Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00196,"ranking_epss":0.41522,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/458082926"],"published_time":"2025-12-02T19:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13630","summary":"Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00146,"ranking_epss":0.3502,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/456547591"],"published_time":"2025-12-02T19:15:46","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13229","summary":"Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.2219,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/446113731"],"published_time":"2025-11-18T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13230","summary":"Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/446124892"],"published_time":"2025-11-18T00:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13226","summary":"Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/446113732"],"published_time":"2025-11-18T00:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13227","summary":"Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.2219,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/446122633"],"published_time":"2025-11-18T00:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13228","summary":"Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.2219,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/446124893"],"published_time":"2025-11-18T00:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13224","summary":"Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00066,"ranking_epss":0.20485,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/450328966"],"published_time":"2025-11-17T23:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13223","summary":"Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02804,"ranking_epss":0.86144,"kev":true,"propose_action":"Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/460017370","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-13223"],"published_time":"2025-11-17T23:15:45","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-9479","summary":"Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22139,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_25.html","https://issues.chromium.org/issues/390743124"],"published_time":"2025-11-14T03:15:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13097","summary":"Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08314,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html","https://issues.chromium.org/issues/402791076"],"published_time":"2025-11-14T03:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13102","summary":"Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14782,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/351564774"],"published_time":"2025-11-14T03:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13107","summary":"Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22399,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/429440615"],"published_time":"2025-11-14T03:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11920","summary":"Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17257,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html","https://issues.chromium.org/issues/371840056"],"published_time":"2025-11-14T03:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-13178","summary":"Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22399,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/40068607"],"published_time":"2025-11-14T03:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-13983","summary":"Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html","https://issues.chromium.org/issues/379818904"],"published_time":"2025-11-14T03:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7017","summary":"Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.23397,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/338248595"],"published_time":"2025-11-14T03:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7021","summary":"Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16333,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/40064701"],"published_time":"2025-11-14T03:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9126","summary":"Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a series of curated UI gestures. (Chromium security severity: Medium)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00138,"ranking_epss":0.33975,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/349653218"],"published_time":"2025-11-14T03:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11919","summary":"Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22399,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/352516283"],"published_time":"2025-11-14T03:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-13042","summary":"Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26284,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_11.html","https://issues.chromium.org/issues/457351015"],"published_time":"2025-11-12T17:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12729","summary":"Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/454354281"],"published_time":"2025-11-10T20:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12443","summary":"Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05562,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/452071845"],"published_time":"2025-11-10T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12444","summary":"Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/390571618"],"published_time":"2025-11-10T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12445","summary":"Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03081,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/428397712"],"published_time":"2025-11-10T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12446","summary":"Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17115,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/444932667"],"published_time":"2025-11-10T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12447","summary":"Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/442636157"],"published_time":"2025-11-10T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12725","summary":"Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.24979,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/443906252"],"published_time":"2025-11-10T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12726","summary":"Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00092,"ranking_epss":0.25783,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/447172715"],"published_time":"2025-11-10T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12727","summary":"Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26284,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/454485895"],"published_time":"2025-11-10T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12728","summary":"Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17115,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/452392032"],"published_time":"2025-11-10T20:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12434","summary":"Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.2,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12291,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/337356054"],"published_time":"2025-11-10T20:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12435","summary":"Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17549,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/446463993"],"published_time":"2025-11-10T20:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12436","summary":"Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.0233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/40054742"],"published_time":"2025-11-10T20:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12437","summary":"Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.25225,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/446294487"],"published_time":"2025-11-10T20:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12438","summary":"Use after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.25225,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/433027577"],"published_time":"2025-11-10T20:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12439","summary":"Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":3e-05,"ranking_epss":0.00061,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/382234536"],"published_time":"2025-11-10T20:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12440","summary":"Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06897,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/430555440"],"published_time":"2025-11-10T20:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12441","summary":"Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.06021,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/444049512"],"published_time":"2025-11-10T20:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12430","summary":"Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11012,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/442860743"],"published_time":"2025-11-10T20:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12431","summary":"Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.04171,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/436887350"],"published_time":"2025-11-10T20:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12432","summary":"Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15567,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/439522866"],"published_time":"2025-11-10T20:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12433","summary":"Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03506,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/449760249"],"published_time":"2025-11-10T20:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12429","summary":"Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12092,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/450618029"],"published_time":"2025-11-10T20:15:36","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12428","summary":"Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16842,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/447613211"],"published_time":"2025-11-10T20:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12905","summary":"Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. (Chromium security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01483,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/431309019"],"published_time":"2025-11-08T00:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12906","summary":"Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/428455319"],"published_time":"2025-11-08T00:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12907","summary":"Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. (Chromium security severity: Low)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34665,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/427367145"],"published_time":"2025-11-08T00:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12908","summary":"Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00083,"ranking_epss":0.24157,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/421511847"],"published_time":"2025-11-08T00:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12909","summary":"Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. (Chromium security severity: Low)","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.1355,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/361116749"],"published_time":"2025-11-08T00:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12910","summary":"Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. (Chromium security severity: Low)","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":8e-05,"ranking_epss":0.00687,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/434977743"],"published_time":"2025-11-08T00:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12911","summary":"Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05088,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/423670839"],"published_time":"2025-11-08T00:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11458","summary":"Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13099,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/443196747"],"published_time":"2025-11-06T23:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11460","summary":"Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26656,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/446722008"],"published_time":"2025-11-06T23:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11756","summary":"Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27649,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/447192722"],"published_time":"2025-11-06T23:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-12036","summary":"Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390.122 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22334,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/452296415"],"published_time":"2025-11-06T23:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11211","summary":"Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/441917796"],"published_time":"2025-11-06T22:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11212","summary":"Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.28991,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/420734141"],"published_time":"2025-11-06T22:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11213","summary":"Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26208,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/443408317"],"published_time":"2025-11-06T22:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11215","summary":"Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/439758498"],"published_time":"2025-11-06T22:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11216","summary":"Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08185,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/419721056"],"published_time":"2025-11-06T22:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11219","summary":"Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Low)","cvss":3.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.1,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09977,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/439772737"],"published_time":"2025-11-06T22:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11205","summary":"Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26277,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/442444724"],"published_time":"2025-11-06T22:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11206","summary":"Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26276,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/444755026"],"published_time":"2025-11-06T22:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11207","summary":"Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15849,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/428189824"],"published_time":"2025-11-06T22:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11208","summary":"Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14212,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/397878997"],"published_time":"2025-11-06T22:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11209","summary":"Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17459,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/438226517"],"published_time":"2025-11-06T22:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-11210","summary":"Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.05776,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/440523110"],"published_time":"2025-11-06T22:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-10501","summary":"Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34256,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/440737137"],"published_time":"2025-09-24T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-10502","summary":"Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00103,"ranking_epss":0.28143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/438038775"],"published_time":"2025-09-24T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-10585","summary":"Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.007,"ranking_epss":0.72038,"kev":true,"propose_action":"Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/445380761","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-10585"],"published_time":"2025-09-24T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-10890","summary":"Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16641,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/430336833"],"published_time":"2025-09-24T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-10891","summary":"Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.29729,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/443765373"],"published_time":"2025-09-24T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-10892","summary":"Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.29729,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/444048019"],"published_time":"2025-09-24T17:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-10500","summary":"Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00153,"ranking_epss":0.35983,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/435875050"],"published_time":"2025-09-24T17:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-10200","summary":"Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00088,"ranking_epss":0.25155,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html","https://issues.chromium.org/issues/440454442"],"published_time":"2025-09-10T19:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-10201","summary":"Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.06301,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html","https://issues.chromium.org/issues/439305148"],"published_time":"2025-09-10T19:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-9867","summary":"Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.14278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/415496161"],"published_time":"2025-09-03T17:15:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-9865","summary":"Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12336,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/437147699"],"published_time":"2025-09-03T17:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-9866","summary":"Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18662,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/379337758"],"published_time":"2025-09-03T17:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-9478","summary":"Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00161,"ranking_epss":0.37046,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_26.html","https://issues.chromium.org/issues/437825940"],"published_time":"2025-08-26T19:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-4609","summary":"Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07616,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/412578726"],"published_time":"2025-08-22T21:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-9132","summary":"Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34525,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/436181695"],"published_time":"2025-08-20T01:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8901","summary":"Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00087,"ranking_epss":0.24942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/435139154"],"published_time":"2025-08-13T03:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8882","summary":"Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0018,"ranking_epss":0.39683,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/435623339"],"published_time":"2025-08-13T03:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8881","summary":"Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06895,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/433800617"],"published_time":"2025-08-13T03:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8880","summary":"Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00136,"ranking_epss":0.3335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/433533359"],"published_time":"2025-08-13T03:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8879","summary":"Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00121,"ranking_epss":0.3116,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/432035817"],"published_time":"2025-08-13T03:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8576","summary":"Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00214,"ranking_epss":0.4394,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/414760982"],"published_time":"2025-08-07T02:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8577","summary":"Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.17972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/384050903"],"published_time":"2025-08-07T02:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8578","summary":"Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00214,"ranking_epss":0.4394,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/423387026"],"published_time":"2025-08-07T02:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8579","summary":"Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.17972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/407791462"],"published_time":"2025-08-07T02:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8580","summary":"Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.17972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/411544197"],"published_time":"2025-08-07T02:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8581","summary":"Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.13902,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/416942878"],"published_time":"2025-08-07T02:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8582","summary":"Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20686,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40089450"],"published_time":"2025-08-07T02:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8583","summary":"Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15196,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/373794472"],"published_time":"2025-08-07T02:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8292","summary":"Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.31739,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html","https://issues.chromium.org/issues/426054987"],"published_time":"2025-07-30T02:17:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8011","summary":"Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00082,"ranking_epss":0.23998,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_22.html","https://issues.chromium.org/issues/430572435"],"published_time":"2025-07-22T22:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-8010","summary":"Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.26067,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_22.html","https://issues.chromium.org/issues/430344952"],"published_time":"2025-07-22T22:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-6558","summary":"Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00168,"ranking_epss":0.37984,"kev":true,"propose_action":"Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/427162086","http://seclists.org/fulldisclosure/2025/Aug/0","http://seclists.org/fulldisclosure/2025/Jul/30","http://seclists.org/fulldisclosure/2025/Jul/32","http://seclists.org/fulldisclosure/2025/Jul/35","http://seclists.org/fulldisclosure/2025/Jul/37","http://www.openwall.com/lists/oss-security/2025/08/02/1","https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6558"],"published_time":"2025-07-15T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-7656","summary":"Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23728,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/425583995"],"published_time":"2025-07-15T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-7657","summary":"Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/427681143"],"published_time":"2025-07-15T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-6554","summary":"Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00937,"ranking_epss":0.76241,"kev":true,"propose_action":"Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/427663123","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6554"],"published_time":"2025-06-30T22:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-6555","summary":"Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.1629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/407328533"],"published_time":"2025-06-24T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-6556","summary":"Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05599,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/40062462"],"published_time":"2025-06-24T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-6557","summary":"Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00084,"ranking_epss":0.24526,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/406631048"],"published_time":"2025-06-24T20:15:27","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-6191","summary":"Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00165,"ranking_epss":0.37643,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/420697404"],"published_time":"2025-06-18T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-6192","summary":"Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00221,"ranking_epss":0.4476,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/421471016"],"published_time":"2025-06-18T19:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-5959","summary":"Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.29222,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/422313191"],"published_time":"2025-06-11T01:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-5958","summary":"Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00147,"ranking_epss":0.35107,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/420150619"],"published_time":"2025-06-11T01:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-5419","summary":"Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03257,"ranking_epss":0.87154,"kev":true,"propose_action":"Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/420636529","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5419","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5419"],"published_time":"2025-06-03T00:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-5068","summary":"Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00449,"ranking_epss":0.63652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/409059706"],"published_time":"2025-06-03T00:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-5280","summary":"Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00641,"ranking_epss":0.70614,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html","https://issues.chromium.org/issues/417169470"],"published_time":"2025-05-27T21:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-5281","summary":"Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00213,"ranking_epss":0.43926,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html","https://issues.chromium.org/issues/417215501"],"published_time":"2025-05-27T21:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-5283","summary":"Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00273,"ranking_epss":0.50764,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html","https://issues.chromium.org/issues/419467315","https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html","https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html","https://lists.debian.org/debian-lts-announce/2025/05/msg00052.html"],"published_time":"2025-05-27T21:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-5063","summary":"Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00457,"ranking_epss":0.63965,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html","https://issues.chromium.org/issues/411573532"],"published_time":"2025-05-27T21:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-5064","summary":"Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00128,"ranking_epss":0.32147,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html","https://issues.chromium.org/issues/40058068"],"published_time":"2025-05-27T21:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-5065","summary":"Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00102,"ranking_epss":0.28036,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html","https://issues.chromium.org/issues/40059071"],"published_time":"2025-05-27T21:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-5066","summary":"Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00102,"ranking_epss":0.28036,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html","https://issues.chromium.org/issues/356658477"],"published_time":"2025-05-27T21:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-5067","summary":"Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.1695,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html","https://issues.chromium.org/issues/40075024"],"published_time":"2025-05-27T21:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-4664","summary":"Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30646,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/415810136"],"published_time":"2025-05-14T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-4372","summary":"Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00196,"ranking_epss":0.41607,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/412057896"],"published_time":"2025-05-06T22:15:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-4051","summary":"Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00124,"ranking_epss":0.31573,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html","https://issues.chromium.org/issues/404000989"],"published_time":"2025-05-05T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-4052","summary":"Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html","https://issues.chromium.org/issues/401927528"],"published_time":"2025-05-05T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-4096","summary":"Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00195,"ranking_epss":0.4145,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html","https://issues.chromium.org/issues/409911705"],"published_time":"2025-05-05T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-4050","summary":"Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html","https://issues.chromium.org/issues/409342999"],"published_time":"2025-05-05T18:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-3620","summary":"Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00245,"ranking_epss":0.47854,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/405292639"],"published_time":"2025-04-16T21:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-3619","summary":"Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00121,"ranking_epss":0.31088,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/409619251"],"published_time":"2025-04-16T21:15:47","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1122","summary":"Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0  stable on Cr50 Boards allows an attacker with root access to gain persistence and \nBypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.01892,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issues.chromium.org/issues/b/324336238","https://issuetracker.google.com/issues/324336238"],"published_time":"2025-04-15T20:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1292","summary":"Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132  stable on Cr50 Boards allows an attacker with root access to gain persistence and \nbypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.","cvss":6.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09099,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issues.chromium.org/issues/b/324336238","https://issuetracker.google.com/issues/324336238"],"published_time":"2025-04-15T20:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-3067","summary":"Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium)","cvss":8.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":8.6,"epss":0.00207,"ranking_epss":0.43063,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/376491759","https://taptrap.click"],"published_time":"2025-04-02T01:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-3068","summary":"Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0029,"ranking_epss":0.5246,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/401823929"],"published_time":"2025-04-02T01:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-3069","summary":"Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00248,"ranking_epss":0.48165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40060076"],"published_time":"2025-04-02T01:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-3070","summary":"Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00285,"ranking_epss":0.51951,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40086360"],"published_time":"2025-04-02T01:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-3071","summary":"Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10614,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40051596"],"published_time":"2025-04-02T01:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-3072","summary":"Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00183,"ranking_epss":0.40068,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/362545037"],"published_time":"2025-04-02T01:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-3073","summary":"Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00183,"ranking_epss":0.40068,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/388680893"],"published_time":"2025-04-02T01:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-3074","summary":"Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.35948,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/392818696"],"published_time":"2025-04-02T01:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-3066","summary":"Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00401,"ranking_epss":0.60781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/405140652"],"published_time":"2025-04-02T01:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-2783","summary":"Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)","cvss":8.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.3,"cvss_v4":null,"epss":0.39478,"ranking_epss":0.9731,"kev":true,"propose_action":"Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html","https://issues.chromium.org/issues/405143032","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2783"],"published_time":"2025-03-26T16:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-2476","summary":"Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.16418,"ranking_epss":0.94892,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/401029609"],"published_time":"2025-03-19T19:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1920","summary":"Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0035,"ranking_epss":0.57518,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/398065918"],"published_time":"2025-03-10T21:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-2135","summary":"Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.04826,"ranking_epss":0.89527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/400052777"],"published_time":"2025-03-10T21:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-2136","summary":"Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0042,"ranking_epss":0.61998,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/395032416"],"published_time":"2025-03-10T21:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-2137","summary":"Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00263,"ranking_epss":0.49769,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/398999390"],"published_time":"2025-03-10T21:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1923","summary":"Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00136,"ranking_epss":0.33306,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/382540635"],"published_time":"2025-03-05T04:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1915","summary":"Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.0629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/391114799"],"published_time":"2025-03-05T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1916","summary":"Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26381,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/376493203"],"published_time":"2025-03-05T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1917","summary":"Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00195,"ranking_epss":0.41451,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/329476341"],"published_time":"2025-03-05T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1918","summary":"Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00318,"ranking_epss":0.54927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/388557904"],"published_time":"2025-03-05T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1919","summary":"Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00318,"ranking_epss":0.54927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/392375312"],"published_time":"2025-03-05T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1921","summary":"Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.32013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/387583503"],"published_time":"2025-03-05T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1922","summary":"Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00221,"ranking_epss":0.44782,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/384033062"],"published_time":"2025-03-05T04:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1914","summary":"Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00318,"ranking_epss":0.54927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/397731718"],"published_time":"2025-03-05T04:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1006","summary":"Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0033,"ranking_epss":0.56023,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/390590778"],"published_time":"2025-02-19T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-1426","summary":"Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00391,"ranking_epss":0.60174,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/383465163"],"published_time":"2025-02-19T17:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0999","summary":"Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00716,"ranking_epss":0.72419,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/394350433"],"published_time":"2025-02-19T17:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0995","summary":"Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00281,"ranking_epss":0.51582,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/391907159"],"published_time":"2025-02-15T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0996","summary":"Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00089,"ranking_epss":0.25274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/391788835"],"published_time":"2025-02-15T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0997","summary":"Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/391666328"],"published_time":"2025-02-15T02:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0444","summary":"Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00167,"ranking_epss":0.37831,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/390889644"],"published_time":"2025-02-04T19:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0445","summary":"Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/392521083"],"published_time":"2025-02-04T19:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0451","summary":"Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00251,"ranking_epss":0.48506,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40061026"],"published_time":"2025-02-04T19:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0762","summary":"Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00373,"ranking_epss":0.59038,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/384844003"],"published_time":"2025-01-29T11:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0611","summary":"Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00637,"ranking_epss":0.70519,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html","https://issues.chromium.org/issues/386143468"],"published_time":"2025-01-22T20:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0612","summary":"Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00861,"ranking_epss":0.7509,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html","https://issues.chromium.org/issues/385155406"],"published_time":"2025-01-22T20:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0439","summary":"Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00084,"ranking_epss":0.24376,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/371247941"],"published_time":"2025-01-15T11:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0440","summary":"Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00082,"ranking_epss":0.23956,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/40067914"],"published_time":"2025-01-15T11:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0441","summary":"Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00077,"ranking_epss":0.2288,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/368628042"],"published_time":"2025-01-15T11:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0442","summary":"Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28506,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/40940854"],"published_time":"2025-01-15T11:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0443","summary":"Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00634,"ranking_epss":0.70424,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/376625003"],"published_time":"2025-01-15T11:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0446","summary":"Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20987,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/359949844"],"published_time":"2025-01-15T11:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0447","summary":"Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00634,"ranking_epss":0.70424,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/375550814"],"published_time":"2025-01-15T11:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0448","summary":"Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00093,"ranking_epss":0.25952,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/377948403"],"published_time":"2025-01-15T11:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0434","summary":"Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00438,"ranking_epss":0.63158,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/374627491"],"published_time":"2025-01-15T11:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0435","summary":"Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00163,"ranking_epss":0.37264,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/379652406"],"published_time":"2025-01-15T11:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0436","summary":"Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00509,"ranking_epss":0.66406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/382786791"],"published_time":"2025-01-15T11:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0437","summary":"Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20032,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/378623799"],"published_time":"2025-01-15T11:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0438","summary":"Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00357,"ranking_epss":0.58024,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html","https://issues.chromium.org/issues/384186539"],"published_time":"2025-01-15T11:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-0291","summary":"Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.12088,"ranking_epss":0.9382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/383356864"],"published_time":"2025-01-08T19:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-12693","summary":"Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02469,"ranking_epss":0.85285,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/382190919"],"published_time":"2024-12-18T22:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-12694","summary":"Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00519,"ranking_epss":0.66845,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/368222741"],"published_time":"2024-12-18T22:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-12695","summary":"Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02213,"ranking_epss":0.84486,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/383647255"],"published_time":"2024-12-18T22:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-12692","summary":"Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.05389,"ranking_epss":0.90137,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/382291459"],"published_time":"2024-12-18T22:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-12381","summary":"Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.05755,"ranking_epss":0.90477,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/381696874"],"published_time":"2024-12-12T01:40:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-12382","summary":"Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.16918,"ranking_epss":0.94979,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/379516109"],"published_time":"2024-12-12T01:40:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-12053","summary":"Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00109,"ranking_epss":0.29199,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/379009132"],"published_time":"2024-12-03T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7025","summary":"Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00184,"ranking_epss":0.40142,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/367764861"],"published_time":"2024-11-27T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9369","summary":"Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00142,"ranking_epss":0.34499,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/368208152"],"published_time":"2024-11-27T18:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11395","summary":"Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00542,"ranking_epss":0.67748,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/377384894"],"published_time":"2024-11-19T20:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11111","summary":"Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00162,"ranking_epss":0.37081,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/360520331"],"published_time":"2024-11-12T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11112","summary":"Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0042,"ranking_epss":0.61998,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/354824998"],"published_time":"2024-11-12T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11113","summary":"Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0042,"ranking_epss":0.61998,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/360274917"],"published_time":"2024-11-12T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11114","summary":"Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.3,"cvss_v4":null,"epss":0.0048,"ranking_epss":0.65114,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/370856871"],"published_time":"2024-11-12T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11115","summary":"Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00677,"ranking_epss":0.71536,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/371929521"],"published_time":"2024-11-12T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11116","summary":"Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31816,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/40942531"],"published_time":"2024-11-12T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11117","summary":"Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.12581,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/40062534"],"published_time":"2024-11-12T21:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-11110","summary":"Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18994,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/373263969"],"published_time":"2024-11-12T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-10827","summary":"Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00839,"ranking_epss":0.74736,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/375065084"],"published_time":"2024-11-06T17:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-10826","summary":"Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0035,"ranking_epss":0.57526,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/370217726"],"published_time":"2024-11-06T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-10487","summary":"Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00298,"ranking_epss":0.53229,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html","https://issues.chromium.org/issues/375123371"],"published_time":"2024-10-29T22:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-10488","summary":"Use after free in WebRTC in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00381,"ranking_epss":0.59564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html","https://issues.chromium.org/issues/374310077"],"published_time":"2024-10-29T22:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-10231","summary":"Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00314,"ranking_epss":0.54596,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html","https://issues.chromium.org/issues/372269618"],"published_time":"2024-10-22T22:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-10229","summary":"Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17188,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html","https://issues.chromium.org/issues/371011220"],"published_time":"2024-10-22T22:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-10230","summary":"Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00253,"ranking_epss":0.48677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html","https://issues.chromium.org/issues/371565065"],"published_time":"2024-10-22T22:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9954","summary":"Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.09069,"ranking_epss":0.9266,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/367755363"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9955","summary":"Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.29371,"ranking_epss":0.9661,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/370133761"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9956","summary":"Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/370482421","http://seclists.org/fulldisclosure/2025/Jan/13","https://mastersplinter.work/research/passkey/","https://news.ycombinator.com/item?id=43408674"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9957","summary":"Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00397,"ranking_epss":0.60593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/358151317"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9958","summary":"Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00142,"ranking_epss":0.34445,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/40076120"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9959","summary":"Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00556,"ranking_epss":0.682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/368672129"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9960","summary":"Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00397,"ranking_epss":0.60593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/354748063"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9961","summary":"Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00397,"ranking_epss":0.60593,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/357776197"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9962","summary":"Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20093,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/364508693"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9963","summary":"Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00185,"ranking_epss":0.40271,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/328278718"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9964","summary":"Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00185,"ranking_epss":0.40271,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/361711121"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9965","summary":"Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00934,"ranking_epss":0.76188,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/352651673"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9966","summary":"Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17277,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/364773822"],"published_time":"2024-10-15T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9859","summary":"Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00862,"ranking_epss":0.75101,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issues.chromium.org/issues/346197738"],"published_time":"2024-10-11T17:15:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9603","summary":"Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00121,"ranking_epss":0.31054,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html","https://issues.chromium.org/issues/367818758"],"published_time":"2024-10-08T23:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9602","summary":"Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0042,"ranking_epss":0.61974,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html","https://issues.chromium.org/issues/368241697"],"published_time":"2024-10-08T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9120","summary":"Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00226,"ranking_epss":0.45466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/365254285"],"published_time":"2024-09-25T01:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9121","summary":"Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00192,"ranking_epss":0.412,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/363538434"],"published_time":"2024-09-25T01:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9122","summary":"Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.08189,"ranking_epss":0.9221,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/365802567"],"published_time":"2024-09-25T01:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-9123","summary":"Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00217,"ranking_epss":0.44369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/365884464"],"published_time":"2024-09-25T01:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7023","summary":"Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00655,"ranking_epss":0.71034,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issues.chromium.org/issues/341803763"],"published_time":"2024-09-23T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7024","summary":"Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.3143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issues.chromium.org/issues/334120897"],"published_time":"2024-09-23T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-7281","summary":"Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23183,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issues.chromium.org/issues/40055233"],"published_time":"2024-09-23T22:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-7282","summary":"Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0012,"ranking_epss":0.30947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issues.chromium.org/issues/40056040"],"published_time":"2024-09-23T22:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7018","summary":"Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00578,"ranking_epss":0.68901,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issues.chromium.org/issues/333414305"],"published_time":"2024-09-23T22:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7019","summary":"Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00121,"ranking_epss":0.31051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issues.chromium.org/issues/41494315"],"published_time":"2024-09-23T22:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7020","summary":"Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00121,"ranking_epss":0.31051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issues.chromium.org/issues/40076065"],"published_time":"2024-09-23T22:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7022","summary":"Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42334,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issues.chromium.org/issues/324690505"],"published_time":"2024-09-23T22:15:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-20072","summary":"Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low)","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00186,"ranking_epss":0.40445,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issues.chromium.org/issues/40093560"],"published_time":"2024-09-23T22:15:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-38023","summary":"Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00276,"ranking_epss":0.51124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issues.chromium.org/issues/40056265"],"published_time":"2024-09-23T22:15:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8905","summary":"Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00204,"ranking_epss":0.4264,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/359949835"],"published_time":"2024-09-17T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8906","summary":"Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.31372,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/352681108"],"published_time":"2024-09-17T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8907","summary":"Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00069,"ranking_epss":0.21258,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/360642942"],"published_time":"2024-09-17T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8908","summary":"Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00082,"ranking_epss":0.24087,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/337222641"],"published_time":"2024-09-17T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8909","summary":"Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31898,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/341353783"],"published_time":"2024-09-17T21:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8904","summary":"Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00294,"ranking_epss":0.52782,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html","https://issues.chromium.org/issues/365376497"],"published_time":"2024-09-17T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8638","summary":"Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00129,"ranking_epss":0.324,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/362539773"],"published_time":"2024-09-11T14:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8639","summary":"Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00274,"ranking_epss":0.50817,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/362658609"],"published_time":"2024-09-11T14:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8636","summary":"Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0057,"ranking_epss":0.68632,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/361461526"],"published_time":"2024-09-11T14:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8637","summary":"Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00275,"ranking_epss":0.50996,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/361784548"],"published_time":"2024-09-11T14:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7970","summary":"Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.4884,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/358485426"],"published_time":"2024-09-03T23:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8362","summary":"Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00549,"ranking_epss":0.67982,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/357391257"],"published_time":"2024-09-03T23:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8194","summary":"Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00116,"ranking_epss":0.30227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/360533914"],"published_time":"2024-08-28T23:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8198","summary":"Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00341,"ranking_epss":0.56837,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/360758697"],"published_time":"2024-08-28T23:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8193","summary":"Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00762,"ranking_epss":0.73413,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/360265320"],"published_time":"2024-08-28T23:15:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8035","summary":"Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00513,"ranking_epss":0.66589,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/40059470"],"published_time":"2024-08-21T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7966","summary":"Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00853,"ranking_epss":0.74974,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/355465305"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7967","summary":"Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00777,"ranking_epss":0.73687,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/355731798"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7968","summary":"Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01303,"ranking_epss":0.79773,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/349253666"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7969","summary":"Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00173,"ranking_epss":0.38666,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html","https://issues.chromium.org/issues/351865302"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7971","summary":"Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.01452,"ranking_epss":0.80831,"kev":true,"propose_action":"Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/360700873","https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7971"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7972","summary":"Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00631,"ranking_epss":0.70347,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/345960102"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7973","summary":"Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00385,"ranking_epss":0.59791,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/345518608"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7974","summary":"Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00694,"ranking_epss":0.71913,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/339141099"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7975","summary":"Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00243,"ranking_epss":0.47579,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/347588491"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7976","summary":"Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00235,"ranking_epss":0.465,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/339654392"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7977","summary":"Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07834,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/324770940"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7978","summary":"Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00313,"ranking_epss":0.54478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/40060358"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7979","summary":"Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.03855,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/356064205"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7980","summary":"Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10414,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/356328460"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7981","summary":"Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00516,"ranking_epss":0.66729,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/40067456"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8033","summary":"Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00269,"ranking_epss":0.50482,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/350256139"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-8034","summary":"Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00368,"ranking_epss":0.58795,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/353858776"],"published_time":"2024-08-21T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7964","summary":"Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00962,"ranking_epss":0.76559,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/358296941"],"published_time":"2024-08-21T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7965","summary":"Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.26818,"ranking_epss":0.96364,"kev":true,"propose_action":"Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/356196918","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7965"],"published_time":"2024-08-21T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7534","summary":"Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00505,"ranking_epss":0.66251,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/352467338"],"published_time":"2024-08-06T21:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7535","summary":"Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00516,"ranking_epss":0.66719,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/352690885"],"published_time":"2024-08-06T21:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7536","summary":"Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0035,"ranking_epss":0.57531,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/354847246"],"published_time":"2024-08-06T21:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7550","summary":"Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00243,"ranking_epss":0.47675,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/355256380"],"published_time":"2024-08-06T21:16:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7532","summary":"Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00212,"ranking_epss":0.43806,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/350528343"],"published_time":"2024-08-06T21:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7533","summary":"Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00331,"ranking_epss":0.56075,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/353552540"],"published_time":"2024-08-06T21:16:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6991","summary":"Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0048,"ranking_epss":0.65123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/346618785"],"published_time":"2024-08-06T16:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6994","summary":"Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00732,"ranking_epss":0.72754,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/339686368"],"published_time":"2024-08-06T16:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6995","summary":"Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31851,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/343938078"],"published_time":"2024-08-06T16:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6996","summary":"Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":3.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.1,"cvss_v4":null,"epss":0.00075,"ranking_epss":0.22695,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/333708039"],"published_time":"2024-08-06T16:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6997","summary":"Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00516,"ranking_epss":0.66719,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/325293263"],"published_time":"2024-08-06T16:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6998","summary":"Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00516,"ranking_epss":0.66719,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/340098902"],"published_time":"2024-08-06T16:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6999","summary":"Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00147,"ranking_epss":0.35095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/340893685"],"published_time":"2024-08-06T16:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7000","summary":"Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00256,"ranking_epss":0.49065,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/339877158"],"published_time":"2024-08-06T16:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7001","summary":"Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00147,"ranking_epss":0.35095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/347509736"],"published_time":"2024-08-06T16:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7003","summary":"Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15751,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/338233148"],"published_time":"2024-08-06T16:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7004","summary":"Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22147,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/40063014"],"published_time":"2024-08-06T16:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7005","summary":"Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08814,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/40068800"],"published_time":"2024-08-06T16:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6988","summary":"Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00274,"ranking_epss":0.50877,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/349198731"],"published_time":"2024-08-06T16:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6989","summary":"Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00274,"ranking_epss":0.50877,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/349342289"],"published_time":"2024-08-06T16:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6990","summary":"Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00341,"ranking_epss":0.56834,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/353034820"],"published_time":"2024-08-01T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7255","summary":"Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00616,"ranking_epss":0.69957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/352872238"],"published_time":"2024-08-01T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-7256","summary":"Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00462,"ranking_epss":0.64271,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/354748060"],"published_time":"2024-08-01T18:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3173","summary":"Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00504,"ranking_epss":0.66224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40075849","https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40075849"],"published_time":"2024-07-16T23:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3174","summary":"Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00701,"ranking_epss":0.72075,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/40073339","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/40073339"],"published_time":"2024-07-16T23:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3175","summary":"Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00457,"ranking_epss":0.6397,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40069571","https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40069571"],"published_time":"2024-07-16T23:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3176","summary":"Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00697,"ranking_epss":0.71972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/40061476","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/40061476"],"published_time":"2024-07-16T23:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5500","summary":"Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0007,"ranking_epss":0.21429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/40069622","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/40069622"],"published_time":"2024-07-16T23:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2884","summary":"Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00131,"ranking_epss":0.32637,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/41491373","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/41491373"],"published_time":"2024-07-16T23:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3168","summary":"Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01295,"ranking_epss":0.79716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/323813642","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/323813642"],"published_time":"2024-07-16T23:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3169","summary":"Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00697,"ranking_epss":0.71972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/41491234","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/41491234"],"published_time":"2024-07-16T23:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3170","summary":"Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00738,"ranking_epss":0.72895,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/41488824","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/41488824"],"published_time":"2024-07-16T23:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3171","summary":"Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01085,"ranking_epss":0.77917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/41483350","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/41483350"],"published_time":"2024-07-16T23:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3172","summary":"Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0077,"ranking_epss":0.73567,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/40942152","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/40942152"],"published_time":"2024-07-16T23:15:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4860","summary":"Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00348,"ranking_epss":0.57396,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40064341","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40064341"],"published_time":"2024-07-16T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-7010","summary":"Use after free in WebRTC in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00479,"ranking_epss":0.65099,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/40070891","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/40070891"],"published_time":"2024-07-16T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-7011","summary":"Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00207,"ranking_epss":0.43172,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/40066780","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/40066780"],"published_time":"2024-07-16T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-7012","summary":"Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17273,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/40061509","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/40061509"],"published_time":"2024-07-16T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-7013","summary":"Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.31464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/40071326","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://issues.chromium.org/issues/40071326"],"published_time":"2024-07-16T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-25154","summary":"Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00362,"ranking_epss":0.58319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40094752","https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40094752"],"published_time":"2024-07-16T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-36765","summary":"Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27884,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html","https://issues.chromium.org/issues/40091076","https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html","https://issues.chromium.org/issues/40091076"],"published_time":"2024-07-16T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6775","summary":"Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00409,"ranking_epss":0.61266,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/347373236","https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/347373236"],"published_time":"2024-07-16T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6776","summary":"Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00409,"ranking_epss":0.61266,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/346692546","https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/346692546"],"published_time":"2024-07-16T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6777","summary":"Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15516,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/345640549","https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/345640549"],"published_time":"2024-07-16T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6778","summary":"Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.12757,"ranking_epss":0.94024,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/341136300","https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/341136300"],"published_time":"2024-07-16T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6779","summary":"Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00585,"ranking_epss":0.69113,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/351327767","https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/351327767"],"published_time":"2024-07-16T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6772","summary":"Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00322,"ranking_epss":0.55318,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/346597059","https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/346597059"],"published_time":"2024-07-16T22:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6773","summary":"Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00608,"ranking_epss":0.69761,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/347724915","https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/347724915"],"published_time":"2024-07-16T22:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6774","summary":"Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00375,"ranking_epss":0.59204,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/346898524","https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/346898524"],"published_time":"2024-07-16T22:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6290","summary":"Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00431,"ranking_epss":0.62636,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/342428008","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6OJ65HWXYSYMH55VDO6N36EOZFUNL4O/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHV5WTU27YOIBIM2CON42SHWY6J2HPRS/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/342428008","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6OJ65HWXYSYMH55VDO6N36EOZFUNL4O/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHV5WTU27YOIBIM2CON42SHWY6J2HPRS/"],"published_time":"2024-06-24T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6291","summary":"Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00276,"ranking_epss":0.51123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/40942995","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6OJ65HWXYSYMH55VDO6N36EOZFUNL4O/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHV5WTU27YOIBIM2CON42SHWY6J2HPRS/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/40942995","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6OJ65HWXYSYMH55VDO6N36EOZFUNL4O/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHV5WTU27YOIBIM2CON42SHWY6J2HPRS/"],"published_time":"2024-06-24T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6292","summary":"Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00276,"ranking_epss":0.51123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/342545100","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6OJ65HWXYSYMH55VDO6N36EOZFUNL4O/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHV5WTU27YOIBIM2CON42SHWY6J2HPRS/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/342545100","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6OJ65HWXYSYMH55VDO6N36EOZFUNL4O/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHV5WTU27YOIBIM2CON42SHWY6J2HPRS/"],"published_time":"2024-06-24T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6293","summary":"Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00317,"ranking_epss":0.54843,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/345993680","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6OJ65HWXYSYMH55VDO6N36EOZFUNL4O/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHV5WTU27YOIBIM2CON42SHWY6J2HPRS/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/345993680","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6OJ65HWXYSYMH55VDO6N36EOZFUNL4O/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHV5WTU27YOIBIM2CON42SHWY6J2HPRS/"],"published_time":"2024-06-24T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6102","summary":"Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00557,"ranking_epss":0.68233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/339169163","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5NRNCEYS246CYGOR32MF7OGKWOWER22/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/339169163","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5NRNCEYS246CYGOR32MF7OGKWOWER22/"],"published_time":"2024-06-20T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6103","summary":"Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00557,"ranking_epss":0.68233,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/344639860","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5NRNCEYS246CYGOR32MF7OGKWOWER22/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/344639860","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5NRNCEYS246CYGOR32MF7OGKWOWER22/"],"published_time":"2024-06-20T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6100","summary":"Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00658,"ranking_epss":0.71094,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/344608204","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5NRNCEYS246CYGOR32MF7OGKWOWER22/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/344608204","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5NRNCEYS246CYGOR32MF7OGKWOWER22/"],"published_time":"2024-06-20T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-6101","summary":"Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00475,"ranking_epss":0.64845,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/343748812","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5NRNCEYS246CYGOR32MF7OGKWOWER22/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html","https://issues.chromium.org/issues/343748812","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5NRNCEYS246CYGOR32MF7OGKWOWER22/"],"published_time":"2024-06-20T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5841","summary":"Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00311,"ranking_epss":0.54297,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/326765855","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/326765855","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5842","summary":"Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00402,"ranking_epss":0.60886,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40062622","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/40062622","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5843","summary":"Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0012,"ranking_epss":0.30969,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/333940412","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/333940412","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5844","summary":"Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00416,"ranking_epss":0.6176,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/331960660","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/331960660","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5845","summary":"Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00337,"ranking_epss":0.5662,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/340178596","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/340178596","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5846","summary":"Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00485,"ranking_epss":0.65397,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/341095523","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/341095523","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5847","summary":"Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00485,"ranking_epss":0.65397,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/341313077","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/341313077","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5830","summary":"Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.06188,"ranking_epss":0.90876,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/342456991","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/342456991","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5831","summary":"Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00485,"ranking_epss":0.65397,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/339171223","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/339171223","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5832","summary":"Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00337,"ranking_epss":0.5662,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/340196361","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/340196361","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5833","summary":"Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00229,"ranking_epss":0.45744,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/342602616","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/342602616","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5834","summary":"Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01368,"ranking_epss":0.80234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/342840932","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/342840932","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5835","summary":"Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27515,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/341991535","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/341991535","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5836","summary":"Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00467,"ranking_epss":0.64478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/341875171","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/341875171","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5837","summary":"Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00249,"ranking_epss":0.48193,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/342415789","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/342415789","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5838","summary":"Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00248,"ranking_epss":0.4816,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/342522151","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/342522151","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5839","summary":"Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.31276,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/340122160","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/340122160","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5840","summary":"Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19414,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/41492103","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/","https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/41492103","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/"],"published_time":"2024-06-11T21:15:54","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-7261","summary":"Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.11914,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://issues.chromium.org/issues/40064602","https://issues.chromium.org/issues/40064602"],"published_time":"2024-06-07T20:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5493","summary":"Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00475,"ranking_epss":0.6483,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/339877165","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/339877165","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/"],"published_time":"2024-05-30T23:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5494","summary":"Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00521,"ranking_epss":0.66895,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/338071106","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/338071106","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/"],"published_time":"2024-05-30T23:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5495","summary":"Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00334,"ranking_epss":0.56278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/338103465","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/338103465","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/"],"published_time":"2024-05-30T23:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5496","summary":"Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00884,"ranking_epss":0.75458,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/338929744","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/338929744","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/"],"published_time":"2024-05-30T23:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5497","summary":"Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00719,"ranking_epss":0.72497,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/339061099","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/339061099","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/"],"published_time":"2024-05-30T23:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5498","summary":"Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26269,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/339588211","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/339588211","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/"],"published_time":"2024-05-30T23:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5499","summary":"Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01307,"ranking_epss":0.79804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/339877167","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/339877167","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5SQOWDIVBXQYQPPBSCH7EFISYAOCTHD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW4TZXVPN3NLZ4UDGZP6OASUM4OVLXX2/"],"published_time":"2024-05-30T23:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5274","summary":"Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.03597,"ranking_epss":0.87781,"kev":true,"propose_action":"Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/341663589","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVC3FNI7HZLVSRIFBVUSBHI233DZYBKP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6IBUYVPD4MIFQNNYBGAPI5MOECWXXOB/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html","https://issues.chromium.org/issues/341663589","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVC3FNI7HZLVSRIFBVUSBHI233DZYBKP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6IBUYVPD4MIFQNNYBGAPI5MOECWXXOB/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-5274"],"published_time":"2024-05-28T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5159","summary":"Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00392,"ranking_epss":0.60224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/335613092","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/335613092","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF/"],"published_time":"2024-05-22T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5160","summary":"Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00392,"ranking_epss":0.60224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/338161969","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/338161969","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF/"],"published_time":"2024-05-22T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5157","summary":"Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00713,"ranking_epss":0.72349,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/336012573","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/336012573","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF/"],"published_time":"2024-05-22T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-5158","summary":"Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00177,"ranking_epss":0.39298,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/338908243","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html","https://issues.chromium.org/issues/338908243","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF/"],"published_time":"2024-05-22T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4947","summary":"Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00359,"ranking_epss":0.58107,"kev":true,"propose_action":"Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/340221135","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/340221135","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4947"],"published_time":"2024-05-15T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4948","summary":"Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00252,"ranking_epss":0.48594,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/333414294","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/333414294","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/"],"published_time":"2024-05-15T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4949","summary":"Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00252,"ranking_epss":0.48594,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/326607001","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/326607001","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/"],"published_time":"2024-05-15T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4950","summary":"Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35323,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/40065403","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html","https://issues.chromium.org/issues/40065403","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/"],"published_time":"2024-05-15T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4761","summary":"Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02473,"ranking_epss":0.85295,"kev":true,"propose_action":"Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. ","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html","https://issues.chromium.org/issues/339458194","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html","https://issues.chromium.org/issues/339458194","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4761"],"published_time":"2024-05-14T16:17:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4671","summary":"Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00161,"ranking_epss":0.37031,"kev":true,"propose_action":"Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html","https://issues.chromium.org/issues/339266700","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html","https://issues.chromium.org/issues/339266700","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4671"],"published_time":"2024-05-14T15:44:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4558","summary":"Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.0238,"ranking_epss":0.85014,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html","https://issues.chromium.org/issues/337766133","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","http://seclists.org/fulldisclosure/2024/Jul/15","http://seclists.org/fulldisclosure/2024/Jul/16","http://seclists.org/fulldisclosure/2024/Jul/18","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html","https://issues.chromium.org/issues/337766133","https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","https://support.apple.com/kb/HT214117","https://support.apple.com/kb/HT214119","https://support.apple.com/kb/HT214121"],"published_time":"2024-05-07T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4559","summary":"Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00409,"ranking_epss":0.61316,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html","https://issues.chromium.org/issues/331369797","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html","https://issues.chromium.org/issues/331369797","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"],"published_time":"2024-05-07T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4058","summary":"Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.06327,"ranking_epss":0.91001,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/332546345","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/332546345","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/"],"published_time":"2024-05-01T13:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4059","summary":"Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00184,"ranking_epss":0.40151,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/333182464","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/333182464","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/"],"published_time":"2024-05-01T13:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4060","summary":"Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00218,"ranking_epss":0.44527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/333420620","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html","https://issues.chromium.org/issues/333420620","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/"],"published_time":"2024-05-01T13:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4331","summary":"Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01163,"ranking_epss":0.78634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/335003891","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/335003891","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/"],"published_time":"2024-05-01T13:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-4368","summary":"Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00426,"ranking_epss":0.62336,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/333508731","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html","https://issues.chromium.org/issues/333508731","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/"],"published_time":"2024-05-01T13:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3914","summary":"Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00258,"ranking_epss":0.49221,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/330759272","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/330759272","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"],"published_time":"2024-04-17T18:15:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3832","summary":"Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.05754,"ranking_epss":0.90476,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/331358160","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/331358160","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"],"published_time":"2024-04-17T08:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3833","summary":"Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.04149,"ranking_epss":0.88676,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/331383939","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/331383939","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"],"published_time":"2024-04-17T08:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3834","summary":"Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0045,"ranking_epss":0.6369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/326607008","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/326607008","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"],"published_time":"2024-04-17T08:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3837","summary":"Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00348,"ranking_epss":0.57385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/41491379","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/41491379","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"],"published_time":"2024-04-17T08:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3838","summary":"Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00215,"ranking_epss":0.44083,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/328278717","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/328278717","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"],"published_time":"2024-04-17T08:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3839","summary":"Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00196,"ranking_epss":0.41576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/41491859","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/41491859","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"],"published_time":"2024-04-17T08:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3840","summary":"Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00181,"ranking_epss":0.39862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/41493458","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/41493458","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"],"published_time":"2024-04-17T08:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3841","summary":"Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00311,"ranking_epss":0.54377,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/330376742","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/330376742","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"],"published_time":"2024-04-17T08:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3843","summary":"Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00534,"ranking_epss":0.67443,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/41486690","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/41486690","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"],"published_time":"2024-04-17T08:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3844","summary":"Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00826,"ranking_epss":0.74516,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/40058873","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/40058873","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"],"published_time":"2024-04-17T08:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3845","summary":"Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00259,"ranking_epss":0.49301,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/323583084","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/323583084","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"],"published_time":"2024-04-17T08:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3846","summary":"Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00901,"ranking_epss":0.75716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/40064754","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/40064754","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"],"published_time":"2024-04-17T08:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3847","summary":"Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00129,"ranking_epss":0.32295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/328690293","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html","https://issues.chromium.org/issues/328690293","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"],"published_time":"2024-04-17T08:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3157","summary":"Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00539,"ranking_epss":0.67621,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/331237485","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/331237485","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/"],"published_time":"2024-04-10T19:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3515","summary":"Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00183,"ranking_epss":0.40059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/331123811","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/331123811","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/"],"published_time":"2024-04-10T19:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3516","summary":"Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00563,"ranking_epss":0.68409,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/328859176","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html","https://issues.chromium.org/issues/328859176","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/"],"published_time":"2024-04-10T19:15:49","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3156","summary":"Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02075,"ranking_epss":0.83987,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/329130358","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/329130358","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U26WECLV5QAQVTIFAUDSRO6QX3NTHYVC/"],"published_time":"2024-04-06T15:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3158","summary":"Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01427,"ranking_epss":0.8066,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/329965696","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/329965696","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U26WECLV5QAQVTIFAUDSRO6QX3NTHYVC/"],"published_time":"2024-04-06T15:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-3159","summary":"Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.06301,"ranking_epss":0.9098,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/330760873","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/","https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/330760873","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U26WECLV5QAQVTIFAUDSRO6QX3NTHYVC/"],"published_time":"2024-04-06T15:15:26","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2883","summary":"Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53549,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html","https://issues.chromium.org/issues/327807820","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html","https://issues.chromium.org/issues/327807820","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/"],"published_time":"2024-03-26T21:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2885","summary":"Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00302,"ranking_epss":0.53549,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html","https://issues.chromium.org/issues/328958020","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html","https://issues.chromium.org/issues/328958020","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/"],"published_time":"2024-03-26T21:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2886","summary":"Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01317,"ranking_epss":0.79888,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html","https://issues.chromium.org/issues/330575496","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html","https://issues.chromium.org/issues/330575496","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/"],"published_time":"2024-03-26T21:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2887","summary":"Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.04919,"ranking_epss":0.8963,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html","https://issues.chromium.org/issues/330588502","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html","https://issues.chromium.org/issues/330588502","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/","https://www.zerodayinitiative.com/blog/2024/5/2/cve-2024-2887-a-pwn2own-winning-bug-in-google-chrome"],"published_time":"2024-03-26T21:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2625","summary":"Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00945,"ranking_epss":0.76358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/327740539","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/327740539","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/"],"published_time":"2024-03-20T17:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2626","summary":"Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00126,"ranking_epss":0.31912,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/40945098","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/40945098","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/"],"published_time":"2024-03-20T17:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2627","summary":"Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00728,"ranking_epss":0.72669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/41493290","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/41493290","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/"],"published_time":"2024-03-20T17:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2628","summary":"Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0018,"ranking_epss":0.39626,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/41487774","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/41487774","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/"],"published_time":"2024-03-20T17:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2629","summary":"Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0021,"ranking_epss":0.43463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/41487721","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/41487721","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/"],"published_time":"2024-03-20T17:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2630","summary":"Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.31409,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/41481877","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/41481877","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/"],"published_time":"2024-03-20T17:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2631","summary":"Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00166,"ranking_epss":0.3767,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/41495878","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html","https://issues.chromium.org/issues/41495878","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/"],"published_time":"2024-03-20T17:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2400","summary":"Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00147,"ranking_epss":0.35147,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/327696052","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T55OZ7JOMLNT5ICM4DTCZOJZD6TZICKO/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIKPDCUMQNF2DFB7TU3V4ISJ7WFJH7YI/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html","https://issues.chromium.org/issues/327696052","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T55OZ7JOMLNT5ICM4DTCZOJZD6TZICKO/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIKPDCUMQNF2DFB7TU3V4ISJ7WFJH7YI/"],"published_time":"2024-03-13T04:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2174","summary":"Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0013,"ranking_epss":0.32433,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/325866363","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYEGSHTMXIPXD5OW5CXVWQS3ZUBCBSXG/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/325866363","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYEGSHTMXIPXD5OW5CXVWQS3ZUBCBSXG/"],"published_time":"2024-03-06T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2176","summary":"Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00957,"ranking_epss":0.76488,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/325936438","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYEGSHTMXIPXD5OW5CXVWQS3ZUBCBSXG/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/325936438","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYEGSHTMXIPXD5OW5CXVWQS3ZUBCBSXG/"],"published_time":"2024-03-06T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-2173","summary":"Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00142,"ranking_epss":0.34452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/325893559","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYEGSHTMXIPXD5OW5CXVWQS3ZUBCBSXG/","https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/325893559","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYEGSHTMXIPXD5OW5CXVWQS3ZUBCBSXG/"],"published_time":"2024-03-06T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1938","summary":"Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00387,"ranking_epss":0.59883,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html","https://issues.chromium.org/issues/324596281","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTGM2WHYSZAUUPENB7YO6E5ONAKE6AKJ/","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html","https://issues.chromium.org/issues/324596281","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTGM2WHYSZAUUPENB7YO6E5ONAKE6AKJ/"],"published_time":"2024-02-29T01:43:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1939","summary":"Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.45835,"ranking_epss":0.97634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html","https://issues.chromium.org/issues/323694592","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTGM2WHYSZAUUPENB7YO6E5ONAKE6AKJ/","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html","https://issues.chromium.org/issues/323694592","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTGM2WHYSZAUUPENB7YO6E5ONAKE6AKJ/"],"published_time":"2024-02-29T01:43:57","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1669","summary":"Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00344,"ranking_epss":0.57071,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/41495060","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/41495060","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/"],"published_time":"2024-02-21T04:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1670","summary":"Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00519,"ranking_epss":0.66849,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/41481374","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/41481374","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/"],"published_time":"2024-02-21T04:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1671","summary":"Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00077,"ranking_epss":0.23016,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/41487933","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/41487933","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/"],"published_time":"2024-02-21T04:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1672","summary":"Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00105,"ranking_epss":0.28443,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/41485789","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/41485789","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/"],"published_time":"2024-02-21T04:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1673","summary":"Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00613,"ranking_epss":0.6988,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/41490491","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/41490491","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/"],"published_time":"2024-02-21T04:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1674","summary":"Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10518,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/40095183","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/40095183","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/"],"published_time":"2024-02-21T04:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1675","summary":"Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00145,"ranking_epss":0.3483,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/41486208","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/41486208","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/"],"published_time":"2024-02-21T04:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1676","summary":"Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00325,"ranking_epss":0.55555,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/40944847","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/40944847","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/"],"published_time":"2024-02-21T04:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-47131","summary":"The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00218,"ranking_epss":0.44394,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://me.n-able.com/s/security-advisory/aArHs000000M8CCKA0/cve202347131-passportal-browser-extension-logs-sensitive-data","https://me.n-able.com/s/security-advisory/aArHs000000M8CCKA0/cve202347131-passportal-browser-extension-logs-sensitive-data"],"published_time":"2024-02-08T23:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1283","summary":"Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.02686,"ranking_epss":0.85877,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/41494860","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KN32XXNHIR6KBS4BYQTZV2JQFN4D6ZSE/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSCIL2WH2L4R4KWSRCTDWBPAMOJIYBJE/","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/41494860","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KN32XXNHIR6KBS4BYQTZV2JQFN4D6ZSE/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSCIL2WH2L4R4KWSRCTDWBPAMOJIYBJE/"],"published_time":"2024-02-07T00:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1284","summary":"Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0097,"ranking_epss":0.76667,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/41494539","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KN32XXNHIR6KBS4BYQTZV2JQFN4D6ZSE/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSCIL2WH2L4R4KWSRCTDWBPAMOJIYBJE/","https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html","https://issues.chromium.org/issues/41494539","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KN32XXNHIR6KBS4BYQTZV2JQFN4D6ZSE/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSCIL2WH2L4R4KWSRCTDWBPAMOJIYBJE/"],"published_time":"2024-02-07T00:15:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1060","summary":"Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00353,"ranking_epss":0.57724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html","https://crbug.com/1511567","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html","https://crbug.com/1511567","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q/"],"published_time":"2024-01-30T22:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1077","summary":"Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01001,"ranking_epss":0.77038,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html","https://crbug.com/1511085","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html","https://crbug.com/1511085","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q/"],"published_time":"2024-01-30T22:15:53","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1059","summary":"Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00698,"ranking_epss":0.71997,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html","https://crbug.com/1514777","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html","https://crbug.com/1514777","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q/"],"published_time":"2024-01-30T22:15:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0809","summary":"Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12302,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1497985","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1497985","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"],"published_time":"2024-01-24T00:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0810","summary":"Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1496250","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1496250","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"],"published_time":"2024-01-24T00:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0811","summary":"Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00338,"ranking_epss":0.56658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1494490","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/","http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1494490","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"],"published_time":"2024-01-24T00:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0812","summary":"Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00329,"ranking_epss":0.559,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1484394","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1484394","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"],"published_time":"2024-01-24T00:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0813","summary":"Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00076,"ranking_epss":0.22773,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1477151","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1477151","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"],"published_time":"2024-01-24T00:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0814","summary":"Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00129,"ranking_epss":0.32253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1463935","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1463935","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"],"published_time":"2024-01-24T00:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0804","summary":"Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00113,"ranking_epss":0.29817,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1515137","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1515137","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"],"published_time":"2024-01-24T00:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0805","summary":"Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00134,"ranking_epss":0.3301,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1514925","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1514925","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"],"published_time":"2024-01-24T00:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0806","summary":"Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00329,"ranking_epss":0.559,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1505176","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1505176","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"],"published_time":"2024-01-24T00:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0807","summary":"Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00253,"ranking_epss":0.48706,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1505080","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1505080","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"],"published_time":"2024-01-24T00:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0808","summary":"Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00344,"ranking_epss":0.57072,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1504936","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html","https://crbug.com/1504936","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"],"published_time":"2024-01-24T00:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0517","summary":"Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.7313,"ranking_epss":0.98792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html","https://crbug.com/1515930","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html","https://crbug.com/1515930","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/","https://www.vicarius.io/vsociety/posts/out-of-bound-write-in-v8-javascript-engine-cve-2024-0517"],"published_time":"2024-01-16T22:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0518","summary":"Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00219,"ranking_epss":0.4457,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html","https://crbug.com/1507412","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html","https://crbug.com/1507412","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/"],"published_time":"2024-01-16T22:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0519","summary":"Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00142,"ranking_epss":0.3447,"kev":true,"propose_action":"Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html","https://crbug.com/1517354","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/","https://www.couchbase.com/alerts/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html","https://crbug.com/1517354","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/","https://www.couchbase.com/alerts/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-0519"],"published_time":"2024-01-16T22:15:37","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0333","summary":"Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.2248,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html","https://crbug.com/1513379","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BXC7FJIAZRY3P72XC4Z4UOW2QDA7YX7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPYCYENYQYADCOS6XG4JITUVRZ6HTE2B/","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html","https://crbug.com/1513379","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BXC7FJIAZRY3P72XC4Z4UOW2QDA7YX7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPYCYENYQYADCOS6XG4JITUVRZ6HTE2B/"],"published_time":"2024-01-10T22:15:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0224","summary":"Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00447,"ranking_epss":0.6356,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html","https://crbug.com/1505086","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html","https://crbug.com/1505086","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2024-01-04T02:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0225","summary":"Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00643,"ranking_epss":0.7067,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html","https://crbug.com/1506923","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html","https://crbug.com/1506923","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2024-01-04T02:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0222","summary":"Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00443,"ranking_epss":0.63375,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html","https://crbug.com/1501798","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html","https://crbug.com/1501798","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2024-01-04T02:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0223","summary":"Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.09619,"ranking_epss":0.92899,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html","https://crbug.com/1505009","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html","https://crbug.com/1505009","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2024-01-04T02:15:28","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-7024","summary":"Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02866,"ranking_epss":0.8628,"kev":true,"propose_action":"Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html","https://crbug.com/1513170","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M6AJDHUL6EDPURWQXGLUFJNDE7SOJT3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JL4VHZMHFGEGQYTF74533ZNRWMCMMR/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5585","https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html","https://crbug.com/1513170","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M6AJDHUL6EDPURWQXGLUFJNDE7SOJT3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JL4VHZMHFGEGQYTF74533ZNRWMCMMR/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5585","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7024"],"published_time":"2023-12-21T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3742","summary":"Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High)","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01058,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.chromium.org/p/chromium/issues/detail?id=1443292","https://crbug.com/1443292","https://bugs.chromium.org/p/chromium/issues/detail?id=1443292","https://crbug.com/1443292"],"published_time":"2023-12-20T16:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6702","summary":"Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.51688,"ranking_epss":0.97907,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html","https://crbug.com/1501326","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html","https://crbug.com/1501326","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGJ732QHS2FAYF62RFF3YP4VIQY75K7V/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-12-14T22:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6703","summary":"Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00337,"ranking_epss":0.56617,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html","https://crbug.com/1502102","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html","https://crbug.com/1502102","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-12-14T22:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6704","summary":"Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00186,"ranking_epss":0.40356,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html","https://crbug.com/1504792","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html","https://crbug.com/1504792","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-12-14T22:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6705","summary":"Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00357,"ranking_epss":0.58023,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html","https://crbug.com/1505708","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html","https://crbug.com/1505708","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-12-14T22:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6706","summary":"Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00337,"ranking_epss":0.56617,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html","https://crbug.com/1500921","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html","https://crbug.com/1500921","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-12-14T22:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6707","summary":"Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00508,"ranking_epss":0.66351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html","https://crbug.com/1504036","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html","https://crbug.com/1504036","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-12-14T22:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6508","summary":"Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00684,"ranking_epss":0.71694,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html","https://crbug.com/1497984","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5573","https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html","https://crbug.com/1497984","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5573"],"published_time":"2023-12-06T02:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6509","summary":"Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00927,"ranking_epss":0.76102,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html","https://crbug.com/1494565","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5573","https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html","https://crbug.com/1494565","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5573"],"published_time":"2023-12-06T02:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6510","summary":"Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00927,"ranking_epss":0.76102,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html","https://crbug.com/1480152","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5573","https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html","https://crbug.com/1480152","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5573"],"published_time":"2023-12-06T02:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6511","summary":"Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42302,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html","https://crbug.com/1478613","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5573","https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html","https://crbug.com/1478613","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5573"],"published_time":"2023-12-06T02:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6512","summary":"Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.005,"ranking_epss":0.66,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html","https://crbug.com/1457702","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5573","https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html","https://crbug.com/1457702","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5573"],"published_time":"2023-12-06T02:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6345","summary":"Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.0072,"ranking_epss":0.72526,"kev":true,"propose_action":"Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html","https://crbug.com/1505053","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5569","https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html","https://crbug.com/1505053","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5569","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6345"],"published_time":"2023-11-29T12:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6346","summary":"Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00356,"ranking_epss":0.57942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html","https://crbug.com/1500856","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5569","https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html","https://crbug.com/1500856","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5569"],"published_time":"2023-11-29T12:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6347","summary":"Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00368,"ranking_epss":0.58747,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html","https://crbug.com/1494461","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5569","https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html","https://crbug.com/1494461","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5569"],"published_time":"2023-11-29T12:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6348","summary":"Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00605,"ranking_epss":0.69658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/176368/Chrome-BindTextSuggestionHostForFrame-Type-Confusion.html","https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html","https://crbug.com/1491459","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5569","http://packetstormsecurity.com/files/176368/Chrome-BindTextSuggestionHostForFrame-Type-Confusion.html","https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html","https://crbug.com/1491459","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5569"],"published_time":"2023-11-29T12:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6350","summary":"Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0124,"ranking_epss":0.79261,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html","https://crbug.com/1501766","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5569","https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html","https://crbug.com/1501766","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5569"],"published_time":"2023-11-29T12:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6351","summary":"Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0021,"ranking_epss":0.43428,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html","https://crbug.com/1501770","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5569","https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html","https://crbug.com/1501770","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5569"],"published_time":"2023-11-29T12:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5997","summary":"Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00403,"ranking_epss":0.60912,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html","https://crbug.com/1497997","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWHRLW3GDNFBFSBHDD4QOPUPX7ORTUEC/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5556","https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html","https://crbug.com/1497997","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWHRLW3GDNFBFSBHDD4QOPUPX7ORTUEC/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5556"],"published_time":"2023-11-15T18:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6112","summary":"Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.22788,"ranking_epss":0.95894,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/176721/Chrome-content-NavigationURLLoaderImpl-FallbackToNonInterceptedRequest-Heap-Use-After-Free.html","https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html","https://crbug.com/1499298","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWHRLW3GDNFBFSBHDD4QOPUPX7ORTUEC/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5556","http://packetstormsecurity.com/files/176721/Chrome-content-NavigationURLLoaderImpl-FallbackToNonInterceptedRequest-Heap-Use-After-Free.html","https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html","https://crbug.com/1499298","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWHRLW3GDNFBFSBHDD4QOPUPX7ORTUEC/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5556"],"published_time":"2023-11-15T18:15:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5996","summary":"Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0057,"ranking_epss":0.68652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html","https://crbug.com/1497859","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5551","https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html","https://crbug.com/1497859","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5551"],"published_time":"2023-11-08T20:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5849","summary":"Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01138,"ranking_epss":0.78423,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1492384","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1492384","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546"],"published_time":"2023-11-01T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5850","summary":"Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00864,"ranking_epss":0.7513,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1281972","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1281972","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546"],"published_time":"2023-11-01T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5851","summary":"Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00437,"ranking_epss":0.63129,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1473957","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1473957","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546"],"published_time":"2023-11-01T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5852","summary":"Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00524,"ranking_epss":0.67017,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1480852","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1480852","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546"],"published_time":"2023-11-01T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5853","summary":"Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00668,"ranking_epss":0.71335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1456876","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1456876","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546"],"published_time":"2023-11-01T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5854","summary":"Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00524,"ranking_epss":0.67017,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1488267","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1488267","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546"],"published_time":"2023-11-01T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5855","summary":"Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00524,"ranking_epss":0.67017,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1492396","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1492396","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546"],"published_time":"2023-11-01T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5856","summary":"Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00524,"ranking_epss":0.67017,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1493380","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1493380","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546"],"published_time":"2023-11-01T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5857","summary":"Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01245,"ranking_epss":0.79305,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1493435","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1493435","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546"],"published_time":"2023-11-01T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5858","summary":"Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00707,"ranking_epss":0.72213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1457704","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1457704","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546"],"published_time":"2023-11-01T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5859","summary":"Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00668,"ranking_epss":0.71335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1482045","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1482045","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546"],"published_time":"2023-11-01T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5480","summary":"Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00226,"ranking_epss":0.45463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1492698","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1492698","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546"],"published_time":"2023-11-01T18:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5482","summary":"Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.13863,"ranking_epss":0.94318,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1492381","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html","https://crbug.com/1492381","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5546"],"published_time":"2023-11-01T18:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5472","summary":"Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0112,"ranking_epss":0.78267,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html","https://crbug.com/1491296","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5TWIUD4VIISLZWEQ4WLWFZT34T3KOXZB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RA6HMWNOYQ56R35MHW77GVW7373Z4RSN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDMQG42VVOZ5USSI4NSNT3VJPGBPNSIW/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5536","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html","https://crbug.com/1491296","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5TWIUD4VIISLZWEQ4WLWFZT34T3KOXZB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RA6HMWNOYQ56R35MHW77GVW7373Z4RSN/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDMQG42VVOZ5USSI4NSNT3VJPGBPNSIW/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5536"],"published_time":"2023-10-25T18:17:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5485","summary":"Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1395164","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1395164","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526"],"published_time":"2023-10-11T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5486","summary":"Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00267,"ranking_epss":0.5024,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1357442","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1357442","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526"],"published_time":"2023-10-11T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5487","summary":"Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09806,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1062251","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1062251","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526"],"published_time":"2023-10-11T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5218","summary":"Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00257,"ranking_epss":0.49116,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1487110","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1487110","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526"],"published_time":"2023-10-11T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5473","summary":"Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00327,"ranking_epss":0.55679,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1484000","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1484000","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526"],"published_time":"2023-10-11T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5474","summary":"Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00787,"ranking_epss":0.73879,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1483194","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1483194","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526"],"published_time":"2023-10-11T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5475","summary":"Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.13325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1476952","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1476952","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526"],"published_time":"2023-10-11T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5476","summary":"Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00791,"ranking_epss":0.73932,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1474253","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1474253","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526"],"published_time":"2023-10-11T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5477","summary":"Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1472558","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1472558","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526"],"published_time":"2023-10-11T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5478","summary":"Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00203,"ranking_epss":0.4239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1472404","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1472404","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526"],"published_time":"2023-10-11T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5479","summary":"Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.15722,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1471253","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1471253","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526"],"published_time":"2023-10-11T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5481","summary":"Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00267,"ranking_epss":0.5024,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1458934","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1458934","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526"],"published_time":"2023-10-11T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5483","summary":"Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1425355","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1425355","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526"],"published_time":"2023-10-11T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5484","summary":"Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.3637,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1414936","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html","https://crbug.com/1414936","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5526"],"published_time":"2023-10-11T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5346","summary":"Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01115,"ranking_epss":0.78214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html","https://crbug.com/1485829","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMFDRMWMT6ZBLGLLWSWHHRAUBOSUXQDR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RA6HMWNOYQ56R35MHW77GVW7373Z4RSN/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html","https://crbug.com/1485829","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMFDRMWMT6ZBLGLLWSWHHRAUBOSUXQDR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RA6HMWNOYQ56R35MHW77GVW7373Z4RSN/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-10-05T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5186","summary":"Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0122,"ranking_epss":0.79091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html","https://crbug.com/1478889","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5508","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html","https://crbug.com/1478889","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5508"],"published_time":"2023-09-28T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5187","summary":"Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00221,"ranking_epss":0.4475,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html","https://crbug.com/1475798","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5508","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html","https://crbug.com/1475798","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5508"],"published_time":"2023-09-28T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5217","summary":"Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03573,"ranking_epss":0.87744,"kev":true,"propose_action":"Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.","ransomware_campaign":"Unknown","references":["http://seclists.org/fulldisclosure/2023/Oct/12","http://seclists.org/fulldisclosure/2023/Oct/16","http://www.openwall.com/lists/oss-security/2023/09/28/5","http://www.openwall.com/lists/oss-security/2023/09/28/6","http://www.openwall.com/lists/oss-security/2023/09/29/1","http://www.openwall.com/lists/oss-security/2023/09/29/11","http://www.openwall.com/lists/oss-security/2023/09/29/12","http://www.openwall.com/lists/oss-security/2023/09/29/14","http://www.openwall.com/lists/oss-security/2023/09/29/2","http://www.openwall.com/lists/oss-security/2023/09/29/7","http://www.openwall.com/lists/oss-security/2023/09/29/9","http://www.openwall.com/lists/oss-security/2023/09/30/1","http://www.openwall.com/lists/oss-security/2023/09/30/2","http://www.openwall.com/lists/oss-security/2023/09/30/3","http://www.openwall.com/lists/oss-security/2023/09/30/4","http://www.openwall.com/lists/oss-security/2023/09/30/5","http://www.openwall.com/lists/oss-security/2023/10/01/1","http://www.openwall.com/lists/oss-security/2023/10/01/2","http://www.openwall.com/lists/oss-security/2023/10/01/5","http://www.openwall.com/lists/oss-security/2023/10/02/6","http://www.openwall.com/lists/oss-security/2023/10/03/11","https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/","https://bugzilla.redhat.com/show_bug.cgi?id=2241191","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html","https://crbug.com/1486441","https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590","https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282","https://github.com/webmproject/libvpx/releases/tag/v1.13.1","https://github.com/webmproject/libvpx/tags","https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://pastebin.com/TdkC4pDv","https://security-tracker.debian.org/tracker/CVE-2023-5217","https://security.gentoo.org/glsa/202310-04","https://security.gentoo.org/glsa/202401-34","https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/","https://support.apple.com/kb/HT213961","https://support.apple.com/kb/HT213972","https://twitter.com/maddiestone/status/1707163313711497266","https://www.debian.org/security/2023/dsa-5508","https://www.debian.org/security/2023/dsa-5509","https://www.debian.org/security/2023/dsa-5510","https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/","https://www.openwall.com/lists/oss-security/2023/09/28/5","http://seclists.org/fulldisclosure/2023/Oct/12","http://seclists.org/fulldisclosure/2023/Oct/16","http://www.openwall.com/lists/oss-security/2023/09/28/5","http://www.openwall.com/lists/oss-security/2023/09/28/6","http://www.openwall.com/lists/oss-security/2023/09/29/1","http://www.openwall.com/lists/oss-security/2023/09/29/11","http://www.openwall.com/lists/oss-security/2023/09/29/12","http://www.openwall.com/lists/oss-security/2023/09/29/14","http://www.openwall.com/lists/oss-security/2023/09/29/2","http://www.openwall.com/lists/oss-security/2023/09/29/7","http://www.openwall.com/lists/oss-security/2023/09/29/9","http://www.openwall.com/lists/oss-security/2023/09/30/1","http://www.openwall.com/lists/oss-security/2023/09/30/2","http://www.openwall.com/lists/oss-security/2023/09/30/3","http://www.openwall.com/lists/oss-security/2023/09/30/4","http://www.openwall.com/lists/oss-security/2023/09/30/5","http://www.openwall.com/lists/oss-security/2023/10/01/1","http://www.openwall.com/lists/oss-security/2023/10/01/2","http://www.openwall.com/lists/oss-security/2023/10/01/5","http://www.openwall.com/lists/oss-security/2023/10/02/6","http://www.openwall.com/lists/oss-security/2023/10/03/11","https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/","https://bugzilla.redhat.com/show_bug.cgi?id=2241191","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html","https://crbug.com/1486441","https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590","https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282","https://github.com/webmproject/libvpx/releases/tag/v1.13.1","https://github.com/webmproject/libvpx/tags","https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html","https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://pastebin.com/TdkC4pDv","https://security-tracker.debian.org/tracker/CVE-2023-5217","https://security.gentoo.org/glsa/202310-04","https://security.gentoo.org/glsa/202401-34","https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/","https://support.apple.com/kb/HT213961","https://support.apple.com/kb/HT213972","https://twitter.com/maddiestone/status/1707163313711497266","https://www.debian.org/security/2023/dsa-5508","https://www.debian.org/security/2023/dsa-5509","https://www.debian.org/security/2023/dsa-5510","https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/","https://www.openwall.com/lists/oss-security/2023/09/28/5","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-5217"],"published_time":"2023-09-28T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4908","summary":"Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.50619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1451543","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1451543","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499"],"published_time":"2023-09-12T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4909","summary":"Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.50619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1463293","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1463293","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499"],"published_time":"2023-09-12T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4900","summary":"Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.50619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1430867","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1430867","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499"],"published_time":"2023-09-12T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4901","summary":"Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.50619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1459281","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1459281","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499"],"published_time":"2023-09-12T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4902","summary":"Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.50619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1454515","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1454515","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499"],"published_time":"2023-09-12T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4903","summary":"Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.50619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1446709","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1446709","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499"],"published_time":"2023-09-12T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4904","summary":"Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20802,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1453501","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1453501","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499"],"published_time":"2023-09-12T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4905","summary":"Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.50619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1441228","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1441228","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499"],"published_time":"2023-09-12T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4906","summary":"Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1449874","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1449874","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499"],"published_time":"2023-09-12T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4907","summary":"Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00271,"ranking_epss":0.50619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1462104","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html","https://crbug.com/1462104","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5499"],"published_time":"2023-09-12T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4863","summary":"Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.93606,"ranking_epss":0.99837,"kev":true,"propose_action":"Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.","ransomware_campaign":"Unknown","references":["http://www.openwall.com/lists/oss-security/2023/09/21/4","http://www.openwall.com/lists/oss-security/2023/09/22/1","http://www.openwall.com/lists/oss-security/2023/09/22/3","http://www.openwall.com/lists/oss-security/2023/09/22/4","http://www.openwall.com/lists/oss-security/2023/09/22/5","http://www.openwall.com/lists/oss-security/2023/09/22/6","http://www.openwall.com/lists/oss-security/2023/09/22/7","http://www.openwall.com/lists/oss-security/2023/09/22/8","http://www.openwall.com/lists/oss-security/2023/09/26/1","http://www.openwall.com/lists/oss-security/2023/09/26/7","http://www.openwall.com/lists/oss-security/2023/09/28/1","http://www.openwall.com/lists/oss-security/2023/09/28/2","http://www.openwall.com/lists/oss-security/2023/09/28/4","https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/","https://blog.isosceles.com/the-webp-0day/","https://bugzilla.suse.com/show_bug.cgi?id=1215231","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html","https://crbug.com/1479274","https://en.bandisoft.com/honeyview/history/","https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a","https://github.com/webmproject/libwebp/releases/tag/v1.3.2","https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html","https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863","https://news.ycombinator.com/item?id=37478403","https://security-tracker.debian.org/tracker/CVE-2023-4863","https://security.gentoo.org/glsa/202309-05","https://security.gentoo.org/glsa/202401-10","https://security.netapp.com/advisory/ntap-20230929-0011/","https://sethmlarson.dev/security-developer-in-residence-weekly-report-16","https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/","https://www.bentley.com/advisories/be-2023-0001/","https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/","https://www.debian.org/security/2023/dsa-5496","https://www.debian.org/security/2023/dsa-5497","https://www.debian.org/security/2023/dsa-5498","https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/","http://www.openwall.com/lists/oss-security/2023/09/21/4","http://www.openwall.com/lists/oss-security/2023/09/22/1","http://www.openwall.com/lists/oss-security/2023/09/22/3","http://www.openwall.com/lists/oss-security/2023/09/22/4","http://www.openwall.com/lists/oss-security/2023/09/22/5","http://www.openwall.com/lists/oss-security/2023/09/22/6","http://www.openwall.com/lists/oss-security/2023/09/22/7","http://www.openwall.com/lists/oss-security/2023/09/22/8","http://www.openwall.com/lists/oss-security/2023/09/26/1","http://www.openwall.com/lists/oss-security/2023/09/26/7","http://www.openwall.com/lists/oss-security/2023/09/28/1","http://www.openwall.com/lists/oss-security/2023/09/28/2","http://www.openwall.com/lists/oss-security/2023/09/28/4","https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/","https://blog.isosceles.com/the-webp-0day/","https://bugzilla.suse.com/show_bug.cgi?id=1215231","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html","https://crbug.com/1479274","https://en.bandisoft.com/honeyview/history/","https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a","https://github.com/webmproject/libwebp/releases/tag/v1.3.2","https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html","https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863","https://news.ycombinator.com/item?id=37478403","https://security-tracker.debian.org/tracker/CVE-2023-4863","https://security.gentoo.org/glsa/202309-05","https://security.gentoo.org/glsa/202401-10","https://security.netapp.com/advisory/ntap-20230929-0011/","https://sethmlarson.dev/security-developer-in-residence-weekly-report-16","https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/","https://www.bentley.com/advisories/be-2023-0001/","https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/","https://www.debian.org/security/2023/dsa-5496","https://www.debian.org/security/2023/dsa-5497","https://www.debian.org/security/2023/dsa-5498","https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/","https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4863"],"published_time":"2023-09-12T15:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4761","summary":"Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00368,"ranking_epss":0.58802,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html","https://crbug.com/1476403","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5491","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html","https://crbug.com/1476403","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5491"],"published_time":"2023-09-05T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4762","summary":"Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.64635,"ranking_epss":0.98464,"kev":true,"propose_action":"Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html","https://crbug.com/1473247","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4762","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5491","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html","https://crbug.com/1473247","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4762","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5491","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4762"],"published_time":"2023-09-05T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4763","summary":"Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00618,"ranking_epss":0.70004,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html","https://crbug.com/1469928","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5491","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html","https://crbug.com/1469928","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5491"],"published_time":"2023-09-05T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4764","summary":"Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00153,"ranking_epss":0.36059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html","https://crbug.com/1447237","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5491","https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html","https://crbug.com/1447237","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5491"],"published_time":"2023-09-05T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4572","summary":"Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00328,"ranking_epss":0.55737,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html","https://crbug.com/1472492","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5487","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html","https://crbug.com/1472492","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5487"],"published_time":"2023-08-29T20:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13690","summary":"Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.0026,"ranking_epss":0.49405,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.chromium.org/p/chromium/issues/detail?id=960111","https://crbug.com/960111","https://bugs.chromium.org/p/chromium/issues/detail?id=960111","https://crbug.com/960111"],"published_time":"2023-08-25T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13689","summary":"Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00183,"ranking_epss":0.40045,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.chromium.org/p/chromium/issues/detail?id=960109","https://crbug.com/960109","https://bugs.chromium.org/p/chromium/issues/detail?id=960109","https://crbug.com/960109"],"published_time":"2023-08-25T19:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4452","summary":"Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00174,"ranking_epss":0.3887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugs.chromium.org/p/chromium/issues/detail?id=1372457","https://crbug.com/1372457","https://bugs.chromium.org/p/chromium/issues/detail?id=1372457","https://crbug.com/1372457"],"published_time":"2023-08-25T15:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4427","summary":"Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.79336,"ranking_epss":0.99079,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html","https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html","https://crbug.com/1470668","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5483","http://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html","https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html","https://crbug.com/1470668","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5483"],"published_time":"2023-08-23T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4428","summary":"Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.10929,"ranking_epss":0.93425,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html","https://crbug.com/1470477","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5483","https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html","https://crbug.com/1470477","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5483"],"published_time":"2023-08-23T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4429","summary":"Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00369,"ranking_epss":0.58842,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html","https://crbug.com/1469754","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5483","https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html","https://crbug.com/1469754","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5483"],"published_time":"2023-08-23T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4430","summary":"Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.13133,"ranking_epss":0.94141,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html","https://crbug.com/1469542","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5483","https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html","https://crbug.com/1469542","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5483"],"published_time":"2023-08-23T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4431","summary":"Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.3589,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html","https://crbug.com/1469348","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5483","https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html","https://crbug.com/1469348","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5483"],"published_time":"2023-08-23T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4362","summary":"Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.25555,"ranking_epss":0.9624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1316379","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1316379","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4363","summary":"Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00256,"ranking_epss":0.49042,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1367085","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1367085","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4364","summary":"Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.57112,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1406922","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1406922","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4365","summary":"Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.57112,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1431043","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1431043","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4366","summary":"Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00133,"ranking_epss":0.32923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1450784","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1450784","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4367","summary":"Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.20888,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1467743","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1467743","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4368","summary":"Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.15501,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1467751","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1467751","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4369","summary":"Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22374,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html","https://crbug.com/1464456","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html","https://crbug.com/1464456"],"published_time":"2023-08-15T18:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4356","summary":"Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00962,"ranking_epss":0.76556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1449929","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1449929","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4357","summary":"Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.57479,"ranking_epss":0.98166,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1458911","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1458911","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4358","summary":"Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00962,"ranking_epss":0.76556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1466415","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1466415","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4359","summary":"Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00237,"ranking_epss":0.46832,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1443722","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1443722","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4360","summary":"Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00345,"ranking_epss":0.57112,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1462723","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1462723","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4361","summary":"Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16727,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1465230","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1465230","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4350","summary":"Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00322,"ranking_epss":0.5531,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1454817","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1454817","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4351","summary":"Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00717,"ranking_epss":0.72434,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1465833","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1465833","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4352","summary":"Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01414,"ranking_epss":0.80576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/174669/Chrome-Read-Only-Property-Overwrite.html","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1452076","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","http://packetstormsecurity.com/files/174669/Chrome-Read-Only-Property-Overwrite.html","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1452076","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4353","summary":"Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01372,"ranking_epss":0.8026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1458046","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1458046","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4354","summary":"Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01969,"ranking_epss":0.83568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/174949/Chrome-SKIA-Integer-Overflow.html","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1464215","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","http://packetstormsecurity.com/files/174949/Chrome-SKIA-Integer-Overflow.html","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1464215","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4355","summary":"Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.39284,"ranking_epss":0.97298,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/174950/Chrome-Dangling-FixedArray-Pointers-Memory-Corruption.html","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1468943","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","http://packetstormsecurity.com/files/174950/Chrome-Dangling-FixedArray-Pointers-Memory-Corruption.html","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1468943","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2312","summary":"Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00411,"ranking_epss":0.61464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1448548","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1448548","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4349","summary":"Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00962,"ranking_epss":0.76556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1458303","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html","https://crbug.com/1458303","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5479"],"published_time":"2023-08-15T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4955","summary":"Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1349146","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1349146"],"published_time":"2023-08-04T20:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4076","summary":"Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00781,"ranking_epss":0.73752,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1459124","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1459124","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467"],"published_time":"2023-08-03T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4077","summary":"Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.36447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1451146","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1451146","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467"],"published_time":"2023-08-03T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4078","summary":"Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.36447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1461895","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1461895","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467"],"published_time":"2023-08-03T01:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4068","summary":"Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.03356,"ranking_epss":0.87352,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1466183","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1466183","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467"],"published_time":"2023-08-03T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4069","summary":"Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.04207,"ranking_epss":0.88752,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1465326","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1465326","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467"],"published_time":"2023-08-03T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4070","summary":"Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00151,"ranking_epss":0.35772,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1462951","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1462951","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467"],"published_time":"2023-08-03T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4071","summary":"Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00496,"ranking_epss":0.65833,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1458819","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1458819","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467"],"published_time":"2023-08-03T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4072","summary":"Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00424,"ranking_epss":0.62244,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1464038","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1464038","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467"],"published_time":"2023-08-03T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4073","summary":"Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00702,"ranking_epss":0.7209,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1456243","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1456243","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467"],"published_time":"2023-08-03T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4074","summary":"Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00437,"ranking_epss":0.6312,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1464113","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1464113","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467"],"published_time":"2023-08-03T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-4075","summary":"Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00593,"ranking_epss":0.69318,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1457757","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467","https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html","https://crbug.com/1457757","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202312-07","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5467"],"published_time":"2023-08-03T01:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3736","summary":"Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00132,"ranking_epss":0.32775,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1434438","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1434438","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-08-01T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3737","summary":"Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00173,"ranking_epss":0.38679,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1446754","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1446754","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-08-01T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3738","summary":"Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33444,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1434330","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1434330","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-08-01T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3739","summary":"Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00526,"ranking_epss":0.67057,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-chromeos.html","https://crbug.com/1398986","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-chromeos.html","https://crbug.com/1398986"],"published_time":"2023-08-01T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3740","summary":"Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00127,"ranking_epss":0.32055,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1405223","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1405223","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-08-01T23:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3731","summary":"Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.16978,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-chromeos.html","https://crbug.com/1441306","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-chromeos.html","https://crbug.com/1441306"],"published_time":"2023-08-01T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3732","summary":"Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00699,"ranking_epss":0.72019,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/174223/Chrome-IPCZ-FragmentDescriptors-Missing-Validation.html","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1450899","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34","http://packetstormsecurity.com/files/174223/Chrome-IPCZ-FragmentDescriptors-Missing-Validation.html","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1450899","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-08-01T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3733","summary":"Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00183,"ranking_epss":0.40062,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1450203","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1450203","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-08-01T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3734","summary":"Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00173,"ranking_epss":0.38679,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1450376","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1450376","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-08-01T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3735","summary":"Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00183,"ranking_epss":0.40062,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1394410","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1394410","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-08-01T23:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3727","summary":"Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00513,"ranking_epss":0.66566,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1454086","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1454086","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-08-01T23:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3728","summary":"Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00513,"ranking_epss":0.66566,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1457421","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1457421","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-08-01T23:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3729","summary":"Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00483,"ranking_epss":0.65239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-chromeos.html","https://crbug.com/1451803","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-chromeos.html","https://crbug.com/1451803"],"published_time":"2023-08-01T23:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3730","summary":"Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00484,"ranking_epss":0.65324,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1453465","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html","https://crbug.com/1453465","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://security.gentoo.org/glsa/202401-34"],"published_time":"2023-08-01T23:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2313","summary":"Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00534,"ranking_epss":0.67454,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1335974","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1335974","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/"],"published_time":"2023-07-29T00:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2314","summary":"Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.08932,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/813542","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/813542","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/"],"published_time":"2023-07-29T00:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4910","summary":"Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15014,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html","https://crbug.com/1279268","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/","https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html","https://crbug.com/1279268","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4911","summary":"Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.08962,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html","https://crbug.com/1349493","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/","https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html","https://crbug.com/1349493","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4912","summary":"Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00612,"ranking_epss":0.69864,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html","https://crbug.com/1350909","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/","https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html","https://crbug.com/1350909","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4913","summary":"Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.36332,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html","https://crbug.com/1183604","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/","https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html","https://crbug.com/1183604","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4914","summary":"Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18736,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html","https://crbug.com/1232402","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/","https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html","https://crbug.com/1232402","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4915","summary":"Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.36332,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html","https://crbug.com/1329541","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/","https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html","https://crbug.com/1329541","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4916","summary":"Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00711,"ranking_epss":0.72293,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html","https://crbug.com/1317714","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/","https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html","https://crbug.com/1317714","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4917","summary":"Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0012,"ranking_epss":0.30958,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html","https://crbug.com/1311683","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/","https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html","https://crbug.com/1311683","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4918","summary":"Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00711,"ranking_epss":0.72293,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html","https://crbug.com/1315102","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/","https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html","https://crbug.com/1315102","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4919","summary":"Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00711,"ranking_epss":0.72293,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html","https://crbug.com/1312450","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/","https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html","https://crbug.com/1312450","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4920","summary":"Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00812,"ranking_epss":0.74292,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html","https://crbug.com/1306861","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/","https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html","https://crbug.com/1306861","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKLJ3B3D5BCVWE3QNP4N7HHF26OHD567/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4921","summary":"Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00963,"ranking_epss":0.7658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html","https://crbug.com/1262902","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html","https://crbug.com/1262902","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4922","summary":"Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.36332,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html","https://crbug.com/1261191","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html","https://crbug.com/1261191","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4923","summary":"Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low)","cvss":3.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.1,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17558,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html","https://crbug.com/1251065","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html","https://crbug.com/1251065","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4924","summary":"Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00752,"ranking_epss":0.73242,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html","https://crbug.com/1272967","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html","https://crbug.com/1272967","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4925","summary":"Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0009,"ranking_epss":0.25505,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html","https://crbug.com/1238309","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html","https://crbug.com/1238309","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4926","summary":"Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12397,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html","https://crbug.com/1368230","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html","https://crbug.com/1368230","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2311","summary":"Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17281,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1354505","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1354505","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/"],"published_time":"2023-07-29T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4316","summary":"Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00121,"ranking_epss":0.31153,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html","https://crbug.com/1152952","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html","https://crbug.com/1152952","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4317","summary":"Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00963,"ranking_epss":0.7658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html","https://crbug.com/1260783","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html","https://crbug.com/1260783","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4318","summary":"Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00963,"ranking_epss":0.7658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html","https://crbug.com/1237730","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html","https://crbug.com/1237730","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4319","summary":"Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00963,"ranking_epss":0.7658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html","https://crbug.com/1214199","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html","https://crbug.com/1214199","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4320","summary":"Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00963,"ranking_epss":0.7658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html","https://crbug.com/1224238","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html","https://crbug.com/1224238","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4321","summary":"Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12266,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html","https://crbug.com/1161891","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html","https://crbug.com/1161891","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4322","summary":"Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.18971,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html","https://crbug.com/1190550","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html","https://crbug.com/1190550","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4323","summary":"Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.14665,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html","https://crbug.com/1176031","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html","https://crbug.com/1176031","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4324","summary":"Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.34344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html","https://crbug.com/1193233","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/","https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html","https://crbug.com/1193233","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"],"published_time":"2023-07-29T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4906","summary":"Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.32112,"ranking_epss":0.96834,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1382434","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1382434","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/"],"published_time":"2023-07-29T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4907","summary":"Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01448,"ranking_epss":0.80793,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1358168","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/","https://www.debian.org/security/2023/dsa-5552","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1358168","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/","https://www.debian.org/security/2023/dsa-5552"],"published_time":"2023-07-29T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4908","summary":"Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00495,"ranking_epss":0.65823,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html","https://crbug.com/1359122","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/","https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html","https://crbug.com/1359122","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/"],"published_time":"2023-07-29T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4909","summary":"Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.07762,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html","https://crbug.com/1356211","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/","https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html","https://crbug.com/1356211","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/"],"published_time":"2023-07-29T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3598","summary":"Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00534,"ranking_epss":0.67454,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1427865","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1427865","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/"],"published_time":"2023-07-28T21:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3497","summary":"Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. (Chromium security severity: Medium)","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05637,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-chromeos.html","https://crbug.com/1459277","https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-chromeos.html","https://crbug.com/1459277"],"published_time":"2023-07-03T17:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3420","summary":"Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.03957,"ranking_epss":0.88372,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html","https://crbug.com/1452137","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5440","https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html","https://crbug.com/1452137","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5440"],"published_time":"2023-06-26T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3421","summary":"Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00714,"ranking_epss":0.72388,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html","https://crbug.com/1447568","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5440","https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1751","https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html","https://crbug.com/1447568","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5440","https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1751"],"published_time":"2023-06-26T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3422","summary":"Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00189,"ranking_epss":0.40721,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html","https://crbug.com/1450397","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5440","https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html","https://crbug.com/1450397","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH/","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5440"],"published_time":"2023-06-26T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3214","summary":"Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.01847,"ranking_epss":0.83023,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html","https://crbug.com/1450568","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5428","https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html","https://crbug.com/1450568","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5428"],"published_time":"2023-06-13T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3215","summary":"Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.20975,"ranking_epss":0.95651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html","https://crbug.com/1446274","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5428","https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html","https://crbug.com/1446274","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5428"],"published_time":"2023-06-13T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3216","summary":"Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00924,"ranking_epss":0.7604,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html","https://crbug.com/1450114","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5428","https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html","https://crbug.com/1450114","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5428"],"published_time":"2023-06-13T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3217","summary":"Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.17457,"ranking_epss":0.95088,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/173495/Chrome-device-OpenXrApiWrapper-InitSession-Heap-Use-After-Free.html","https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html","https://crbug.com/1450601","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5428","http://packetstormsecurity.com/files/173495/Chrome-device-OpenXrApiWrapper-InitSession-Heap-Use-After-Free.html","https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html","https://crbug.com/1450601","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5428"],"published_time":"2023-06-13T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3079","summary":"Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.02049,"ranking_epss":0.83893,"kev":true,"propose_action":"Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/176211/Chrome-V8-Type-Confusion.html","http://packetstormsecurity.com/files/176212/Chrome-V8-Type-Confusion-New-Sandbox-Escape.html","https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html","https://crbug.com/1450481","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYTXO5E3FI3I2ETDP3HF4SHYYTFMKMIC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4OXTNIZY4JYHJT7CVLPAJQILI6BISVM/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.couchbase.com/alerts/","https://www.debian.org/security/2023/dsa-5420","http://packetstormsecurity.com/files/176211/Chrome-V8-Type-Confusion.html","http://packetstormsecurity.com/files/176212/Chrome-V8-Type-Confusion-New-Sandbox-Escape.html","https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html","https://crbug.com/1450481","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYTXO5E3FI3I2ETDP3HF4SHYYTFMKMIC/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4OXTNIZY4JYHJT7CVLPAJQILI6BISVM/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.couchbase.com/alerts/","https://www.debian.org/security/2023/dsa-5420","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-3079"],"published_time":"2023-06-05T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2930","summary":"Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00113,"ranking_epss":0.29823,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1443401","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1443401","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418"],"published_time":"2023-05-30T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2931","summary":"Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00366,"ranking_epss":0.58634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1444238","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1444238","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418"],"published_time":"2023-05-30T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2932","summary":"Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00366,"ranking_epss":0.58634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1444581","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1444581","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418"],"published_time":"2023-05-30T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2933","summary":"Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0038,"ranking_epss":0.59541,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1445426","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1445426","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418"],"published_time":"2023-05-30T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2934","summary":"Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00813,"ranking_epss":0.7431,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/173259/Chrome-Mojo-Message-Validation-Bypass.html","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1429720","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418","http://packetstormsecurity.com/files/173259/Chrome-Mojo-Message-Validation-Bypass.html","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1429720","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418"],"published_time":"2023-05-30T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2935","summary":"Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.09401,"ranking_epss":0.92799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/173196/Chrome-v8-internal-Object-SetPropertyWithAccessor-Type-Confusion.html","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1440695","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418","http://packetstormsecurity.com/files/173196/Chrome-v8-internal-Object-SetPropertyWithAccessor-Type-Confusion.html","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1440695","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418"],"published_time":"2023-05-30T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2936","summary":"Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.09401,"ranking_epss":0.92799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/173197/Chrome-V8-Type-Confusion.html","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1443452","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418","http://packetstormsecurity.com/files/173197/Chrome-V8-Type-Confusion.html","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1443452","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418"],"published_time":"2023-05-30T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2937","summary":"Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00158,"ranking_epss":0.36632,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1413813","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1413813","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418"],"published_time":"2023-05-30T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2938","summary":"Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00158,"ranking_epss":0.36632,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1416350","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1416350","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418"],"published_time":"2023-05-30T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2939","summary":"Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06217,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1427431","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1427431","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418"],"published_time":"2023-05-30T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2940","summary":"Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.06978,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1426807","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1426807","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418"],"published_time":"2023-05-30T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2941","summary":"Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00103,"ranking_epss":0.28087,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1430269","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1430269","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418"],"published_time":"2023-05-30T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2929","summary":"Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.006,"ranking_epss":0.69491,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1410191","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html","https://crbug.com/1410191","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/","https://security.gentoo.org/glsa/202311-11","https://security.gentoo.org/glsa/202401-34","https://www.debian.org/security/2023/dsa-5418"],"published_time":"2023-05-30T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2721","summary":"Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00226,"ranking_epss":0.45386,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html","https://crbug.com/1444360","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI/","https://security.gentoo.org/glsa/202309-17","https://security.gentoo.org/glsa/202311-11","https://www.debian.org/security/2023/dsa-5404","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html","https://crbug.com/1444360","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI/","https://security.gentoo.org/glsa/202309-17","https://security.gentoo.org/glsa/202311-11","https://www.debian.org/security/2023/dsa-5404"],"published_time":"2023-05-16T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2722","summary":"Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00261,"ranking_epss":0.49471,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html","https://crbug.com/1400905","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI/","https://security.gentoo.org/glsa/202309-17","https://security.gentoo.org/glsa/202311-11","https://www.debian.org/security/2023/dsa-5404","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html","https://crbug.com/1400905","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI/","https://security.gentoo.org/glsa/202309-17","https://security.gentoo.org/glsa/202311-11","https://www.debian.org/security/2023/dsa-5404"],"published_time":"2023-05-16T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2723","summary":"Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.11797,"ranking_epss":0.93736,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html","https://crbug.com/1435166","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI/","https://security.gentoo.org/glsa/202309-17","https://security.gentoo.org/glsa/202311-11","https://www.debian.org/security/2023/dsa-5404","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html","https://crbug.com/1435166","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI/","https://security.gentoo.org/glsa/202309-17","https://security.gentoo.org/glsa/202311-11","https://www.debian.org/security/2023/dsa-5404"],"published_time":"2023-05-16T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2724","summary":"Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.15218,"ranking_epss":0.94624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/173131/Chrome-Internal-JavaScript-Object-Access-Via-Origin-Trials.html","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html","https://crbug.com/1433211","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI/","https://security.gentoo.org/glsa/202309-17","https://security.gentoo.org/glsa/202311-11","https://www.debian.org/security/2023/dsa-5404","http://packetstormsecurity.com/files/173131/Chrome-Internal-JavaScript-Object-Access-Via-Origin-Trials.html","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html","https://crbug.com/1433211","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI/","https://security.gentoo.org/glsa/202309-17","https://security.gentoo.org/glsa/202311-11","https://www.debian.org/security/2023/dsa-5404"],"published_time":"2023-05-16T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2725","summary":"Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.10362,"ranking_epss":0.9322,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html","https://crbug.com/1442516","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI/","https://security.gentoo.org/glsa/202309-17","https://security.gentoo.org/glsa/202311-11","https://www.debian.org/security/2023/dsa-5404","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html","https://crbug.com/1442516","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI/","https://security.gentoo.org/glsa/202309-17","https://security.gentoo.org/glsa/202311-11","https://www.debian.org/security/2023/dsa-5404"],"published_time":"2023-05-16T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2726","summary":"Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07644,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html","https://crbug.com/1442018","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI/","https://security.gentoo.org/glsa/202309-17","https://security.gentoo.org/glsa/202311-11","https://www.debian.org/security/2023/dsa-5404","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html","https://crbug.com/1442018","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI/","https://security.gentoo.org/glsa/202309-17","https://security.gentoo.org/glsa/202311-11","https://www.debian.org/security/2023/dsa-5404"],"published_time":"2023-05-16T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2457","summary":"Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0029,"ranking_epss":0.52483,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-chromeos.html","https://crbug.com/1420790","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-chromeos.html","https://crbug.com/1420790"],"published_time":"2023-05-12T18:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2458","summary":"Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0029,"ranking_epss":0.52483,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-chromeos.html","https://crbug.com/1430692","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-chromeos.html","https://crbug.com/1430692"],"published_time":"2023-05-12T18:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2460","summary":"Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09011,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1419732","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1419732","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398"],"published_time":"2023-05-03T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2461","summary":"Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00556,"ranking_epss":0.68193,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1350561","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1350561","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398"],"published_time":"2023-05-03T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2462","summary":"Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00303,"ranking_epss":0.53646,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1375133","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1375133","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398"],"published_time":"2023-05-03T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2463","summary":"Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00303,"ranking_epss":0.53646,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1406120","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1406120","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398"],"published_time":"2023-05-03T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2464","summary":"Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00184,"ranking_epss":0.40177,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1418549","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1418549","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398"],"published_time":"2023-05-03T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2465","summary":"Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0026,"ranking_epss":0.49372,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1399862","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1399862","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398"],"published_time":"2023-05-03T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2466","summary":"Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00303,"ranking_epss":0.53646,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1385714","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1385714","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398"],"published_time":"2023-05-03T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2467","summary":"Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.08582,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1413586","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1413586","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398"],"published_time":"2023-05-03T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2468","summary":"Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00303,"ranking_epss":0.53646,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1416380","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1416380","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398"],"published_time":"2023-05-03T00:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2459","summary":"Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10379,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1423304","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398","https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html","https://crbug.com/1423304","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5398"],"published_time":"2023-05-03T00:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-33970","summary":"Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"cvss_v4":null,"epss":0.00432,"ranking_epss":0.62741,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html","https://pastebin.com/Qug7tquW","https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/","https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html","https://pastebin.com/Qug7tquW","https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"],"published_time":"2023-04-19T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2133","summary":"Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00677,"ranking_epss":0.71542,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html","https://crbug.com/1429197","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5393","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html","https://crbug.com/1429197","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5393"],"published_time":"2023-04-19T04:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2134","summary":"Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00677,"ranking_epss":0.71542,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html","https://crbug.com/1429201","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5393","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html","https://crbug.com/1429201","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5393"],"published_time":"2023-04-19T04:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2135","summary":"Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00505,"ranking_epss":0.66242,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html","https://crbug.com/1424337","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5393","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html","https://crbug.com/1424337","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5393"],"published_time":"2023-04-19T04:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2136","summary":"Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00572,"ranking_epss":0.68716,"kev":true,"propose_action":"Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html","https://crbug.com/1432603","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5393","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html","https://crbug.com/1432603","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5393","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-2136"],"published_time":"2023-04-19T04:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2137","summary":"Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00455,"ranking_epss":0.6388,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html","https://crbug.com/1430644","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5393","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html","https://crbug.com/1430644","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5393"],"published_time":"2023-04-19T04:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-2033","summary":"Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.25181,"ranking_epss":0.96197,"kev":true,"propose_action":"Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html","https://crbug.com/1432210","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/","https://security.gentoo.org/glsa/202309-17","https://www.couchbase.com/alerts/","https://www.debian.org/security/2023/dsa-5390","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html","https://crbug.com/1432210","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/","https://security.gentoo.org/glsa/202309-17","https://www.couchbase.com/alerts/","https://www.debian.org/security/2023/dsa-5390","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-2033"],"published_time":"2023-04-14T19:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1810","summary":"Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00809,"ranking_epss":0.74257,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1414018","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1414018","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386"],"published_time":"2023-04-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1811","summary":"Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00534,"ranking_epss":0.67454,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1420510","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1420510","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386"],"published_time":"2023-04-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1812","summary":"Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00704,"ranking_epss":0.72139,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1418224","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1418224","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386"],"published_time":"2023-04-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1813","summary":"Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18336,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1423258","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1423258","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386"],"published_time":"2023-04-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1814","summary":"Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18528,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1417325","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1417325","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386"],"published_time":"2023-04-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1815","summary":"Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00558,"ranking_epss":0.68253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1278708","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1278708","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386"],"published_time":"2023-04-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1816","summary":"Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00357,"ranking_epss":0.5799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1413919","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1413919","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386"],"published_time":"2023-04-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1817","summary":"Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27861,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1418061","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1418061","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386"],"published_time":"2023-04-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1818","summary":"Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00558,"ranking_epss":0.68253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1223346","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1223346","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386"],"published_time":"2023-04-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1819","summary":"Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00239,"ranking_epss":0.47047,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1406588","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1406588","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386"],"published_time":"2023-04-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1820","summary":"Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00707,"ranking_epss":0.72204,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1408120","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1408120","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386"],"published_time":"2023-04-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1821","summary":"Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00298,"ranking_epss":0.5323,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1413618","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1413618","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386"],"published_time":"2023-04-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1822","summary":"Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00508,"ranking_epss":0.66352,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1066555","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1066555","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386"],"published_time":"2023-04-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1823","summary":"Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18528,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1406900","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386","https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html","https://crbug.com/1406900","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://security.gentoo.org/glsa/202309-17","https://www.debian.org/security/2023/dsa-5386"],"published_time":"2023-04-04T22:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1528","summary":"Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00516,"ranking_epss":0.66728,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html","https://crbug.com/1421773","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html","https://crbug.com/1421773","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-03-21T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1529","summary":"Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00356,"ranking_epss":0.57927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html","https://crbug.com/1419718","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html","https://crbug.com/1419718","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-03-21T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1530","summary":"Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00458,"ranking_epss":0.64044,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html","https://crbug.com/1419831","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html","https://crbug.com/1419831","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-03-21T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1531","summary":"Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00876,"ranking_epss":0.75335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html","https://crbug.com/1415330","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/","https://security.gentoo.org/glsa/202309-17","https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1724","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html","https://crbug.com/1415330","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/","https://security.gentoo.org/glsa/202309-17","https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1724"],"published_time":"2023-03-21T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1532","summary":"Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00596,"ranking_epss":0.69376,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/171959/Chrome-media-mojom-VideoFrame-Missing-Validation.html","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html","https://crbug.com/1421268","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/","https://security.gentoo.org/glsa/202309-17","http://packetstormsecurity.com/files/171959/Chrome-media-mojom-VideoFrame-Missing-Validation.html","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html","https://crbug.com/1421268","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-03-21T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1533","summary":"Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00419,"ranking_epss":0.61927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html","https://crbug.com/1422183","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html","https://crbug.com/1422183","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-03-21T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1534","summary":"Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00403,"ranking_epss":0.60889,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/171961/Chrome-GL_ShaderBinary-Untrusted-Process-Exposure.html","http://packetstormsecurity.com/files/171965/Chrome-SpvGetMappedSamplerName-Out-Of-Bounds-String-Copy.html","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html","https://crbug.com/1422594","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/","https://security.gentoo.org/glsa/202309-17","http://packetstormsecurity.com/files/171961/Chrome-GL_ShaderBinary-Untrusted-Process-Exposure.html","http://packetstormsecurity.com/files/171965/Chrome-SpvGetMappedSamplerName-Out-Of-Bounds-String-Copy.html","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html","https://crbug.com/1422594","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-03-21T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1226","summary":"Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.0785,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1013080","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1013080"],"published_time":"2023-03-07T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1227","summary":"Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0025,"ranking_epss":0.48337,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1348791","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1348791"],"published_time":"2023-03-07T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1228","summary":"Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08149,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1365100","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1365100"],"published_time":"2023-03-07T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1229","summary":"Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04422,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1160485","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1160485"],"published_time":"2023-03-07T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1230","summary":"Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1404230","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1404230"],"published_time":"2023-03-07T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1231","summary":"Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00082,"ranking_epss":0.23948,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1274887","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1274887"],"published_time":"2023-03-07T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1232","summary":"Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20571,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1346924","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1346924"],"published_time":"2023-03-07T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1233","summary":"Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2345,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1045681","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1045681"],"published_time":"2023-03-07T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1234","summary":"Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00275,"ranking_epss":0.51004,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1404621","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1404621"],"published_time":"2023-03-07T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1235","summary":"Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00195,"ranking_epss":0.41471,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1404704","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1404704"],"published_time":"2023-03-07T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1236","summary":"Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00092,"ranking_epss":0.25792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1374518","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1374518"],"published_time":"2023-03-07T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1213","summary":"Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00148,"ranking_epss":0.35254,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1411210","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1411210"],"published_time":"2023-03-07T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1214","summary":"Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00245,"ranking_epss":0.47871,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1412487","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1412487"],"published_time":"2023-03-07T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1215","summary":"Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00197,"ranking_epss":0.41715,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1417176","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1417176"],"published_time":"2023-03-07T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1216","summary":"Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00108,"ranking_epss":0.29078,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1417649","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1417649"],"published_time":"2023-03-07T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1217","summary":"Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15017,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1412658","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1412658"],"published_time":"2023-03-07T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1218","summary":"Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00115,"ranking_epss":0.30066,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1413628","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1413628"],"published_time":"2023-03-07T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1219","summary":"Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41397,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/171795/Chrome-base-debug-ActivityUserData-ActivityUserData-Heap-Buffer-Overflow.html","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1415328","http://packetstormsecurity.com/files/171795/Chrome-base-debug-ActivityUserData-ActivityUserData-Heap-Buffer-Overflow.html","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1415328"],"published_time":"2023-03-07T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1220","summary":"Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00194,"ranking_epss":0.41397,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/171796/Chrome-base-SampleVectorBase-MoveSingleSampleToCounts-Heap-Buffer-Overflow.html","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1417185","http://packetstormsecurity.com/files/171796/Chrome-base-SampleVectorBase-MoveSingleSampleToCounts-Heap-Buffer-Overflow.html","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1417185"],"published_time":"2023-03-07T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1221","summary":"Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.0335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1385343","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1385343"],"published_time":"2023-03-07T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1222","summary":"Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0014,"ranking_epss":0.34129,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1403515","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1403515"],"published_time":"2023-03-07T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1223","summary":"Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.1619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1398579","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1398579"],"published_time":"2023-03-07T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1224","summary":"Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.09618,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1403539","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1403539"],"published_time":"2023-03-07T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-1225","summary":"Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1408799","https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html","https://crbug.com/1408799"],"published_time":"2023-03-07T22:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0927","summary":"Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00331,"ranking_epss":0.56105,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1414738","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1414738","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-22T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0928","summary":"Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00244,"ranking_epss":0.47752,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1309035","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1309035","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-22T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0929","summary":"Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00221,"ranking_epss":0.44812,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1399742","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1399742","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-22T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0930","summary":"Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00548,"ranking_epss":0.6793,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1410766","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1410766","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-22T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0931","summary":"Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00129,"ranking_epss":0.32292,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1407701","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1407701","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-22T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0932","summary":"Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0045,"ranking_epss":0.63679,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1413005","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1413005","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-22T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0933","summary":"Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0038,"ranking_epss":0.59526,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1404864","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1404864","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-22T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0941","summary":"Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00301,"ranking_epss":0.53445,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1415366","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html","https://crbug.com/1415366","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-22T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0696","summary":"Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00195,"ranking_epss":0.41502,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1402270","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1402270","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-07T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0697","summary":"Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00133,"ranking_epss":0.32823,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1341541","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1341541","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-07T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0698","summary":"Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00197,"ranking_epss":0.41642,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1403573","https://security.gentoo.org/glsa/202309-17","https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693","https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1403573","https://security.gentoo.org/glsa/202309-17","https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693"],"published_time":"2023-02-07T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0699","summary":"Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00355,"ranking_epss":0.57859,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1371859","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1371859","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-07T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0700","summary":"Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00172,"ranking_epss":0.38433,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1393732","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1393732","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-07T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0701","summary":"Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00503,"ranking_epss":0.66135,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1405123","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1405123","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-07T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0702","summary":"Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00221,"ranking_epss":0.44797,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1316301","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1316301","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-07T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0703","summary":"Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00347,"ranking_epss":0.57327,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1405574","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1405574","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-07T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0704","summary":"Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00091,"ranking_epss":0.25584,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1385982","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1385982","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-07T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0705","summary":"Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00349,"ranking_epss":0.57465,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1238642","https://security.gentoo.org/glsa/202309-17","https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html","https://crbug.com/1238642","https://security.gentoo.org/glsa/202309-17"],"published_time":"2023-02-07T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0471","summary":"Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0029,"ranking_epss":0.52494,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html","https://crbug.com/1376354","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html","https://crbug.com/1376354"],"published_time":"2023-01-30T09:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0472","summary":"Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0039,"ranking_epss":0.60121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html","https://crbug.com/1405256","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html","https://crbug.com/1405256"],"published_time":"2023-01-30T09:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0473","summary":"Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00311,"ranking_epss":0.54382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html","https://crbug.com/1404639","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html","https://crbug.com/1404639"],"published_time":"2023-01-30T09:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0474","summary":"Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00132,"ranking_epss":0.32706,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html","https://crbug.com/1400841","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html","https://crbug.com/1400841"],"published_time":"2023-01-30T09:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0134","summary":"Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00107,"ranking_epss":0.28847,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1385709","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1385709","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2023-01-10T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0135","summary":"Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00107,"ranking_epss":0.28847,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1385831","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1385831","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2023-01-10T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0136","summary":"Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00509,"ranking_epss":0.66395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1356987","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1356987","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2023-01-10T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0137","summary":"Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00131,"ranking_epss":0.32549,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1399904","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1399904","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2023-01-10T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0138","summary":"Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00665,"ranking_epss":0.71268,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1346675","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1346675","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2023-01-10T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0139","summary":"Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22324,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1367632","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1367632","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2023-01-10T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0140","summary":"Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00095,"ranking_epss":0.26339,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1326788","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1326788","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2023-01-10T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0141","summary":"Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00114,"ranking_epss":0.30007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1362331","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1362331","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2023-01-10T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0128","summary":"Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00564,"ranking_epss":0.68441,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1353208","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1353208","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2023-01-10T20:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0129","summary":"Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00149,"ranking_epss":0.35473,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1382033","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1382033","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2023-01-10T20:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0130","summary":"Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00133,"ranking_epss":0.32868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1370028","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1370028","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2023-01-10T20:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0131","summary":"Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.1489,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1357366","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1357366","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2023-01-10T20:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0132","summary":"Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00115,"ranking_epss":0.3014,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1371215","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1371215","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2023-01-10T20:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0133","summary":"Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19398,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1375132","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html","https://crbug.com/1375132","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2023-01-10T20:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13768","summary":"Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"cvss_v4":null,"epss":0.0159,"ranking_epss":0.81669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/922677","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/922677"],"published_time":"2023-01-02T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-21200","summary":"Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00398,"ranking_epss":0.60645,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html","https://crbug.com/1164816","https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html","https://crbug.com/1164816"],"published_time":"2023-01-02T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-30558","summary":"Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00207,"ranking_epss":0.43136,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html","https://crbug.com/916326","https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html","https://crbug.com/916326"],"published_time":"2023-01-02T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-0337","summary":"Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.11727,"ranking_epss":0.93716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html","https://crbug.com/1247389","https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html","https://crbug.com/1247389"],"published_time":"2023-01-02T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-0801","summary":"Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00132,"ranking_epss":0.32769,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html","https://crbug.com/1231037","https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html","https://crbug.com/1231037"],"published_time":"2023-01-02T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-2742","summary":"Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00303,"ranking_epss":0.53633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html","https://crbug.com/1319172","https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html","https://crbug.com/1319172"],"published_time":"2023-01-02T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-2743","summary":"Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00391,"ranking_epss":0.60167,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html","https://crbug.com/1316960","https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html","https://crbug.com/1316960"],"published_time":"2023-01-02T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-3842","summary":"Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.03008,"ranking_epss":0.86607,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html","https://crbug.com/1352445","https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html","https://crbug.com/1352445"],"published_time":"2023-01-02T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-3863","summary":"Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00258,"ranking_epss":0.49242,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html","https://crbug.com/1306507","https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html","https://crbug.com/1306507"],"published_time":"2023-01-02T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4025","summary":"Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00143,"ranking_epss":0.34657,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html","https://crbug.com/1260250","https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html","https://crbug.com/1260250"],"published_time":"2023-01-02T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4437","summary":"Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00247,"ranking_epss":0.48033,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html","https://crbug.com/1394692","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html","https://crbug.com/1394692","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-12-14T06:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4438","summary":"Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00247,"ranking_epss":0.48033,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html","https://crbug.com/1381871","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html","https://crbug.com/1381871","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-12-14T06:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4439","summary":"Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00296,"ranking_epss":0.52925,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html","https://crbug.com/1392661","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html","https://crbug.com/1392661","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-12-14T06:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4440","summary":"Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00296,"ranking_epss":0.52925,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html","https://crbug.com/1382761","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html","https://crbug.com/1382761","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-12-14T06:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4436","summary":"Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00296,"ranking_epss":0.52925,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html","https://crbug.com/1383991","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html","https://crbug.com/1383991","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-12-14T06:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4262","summary":"Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.06353,"ranking_epss":0.91017,"kev":true,"propose_action":"Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html","https://crbug.com/1394403","https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html","https://crbug.com/1394403","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-4262"],"published_time":"2022-12-02T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4194","summary":"Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00236,"ranking_epss":0.4661,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1370562","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1370562","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4195","summary":"Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.001,"ranking_epss":0.27597,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1371926","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1371926","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4175","summary":"Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00172,"ranking_epss":0.38541,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1381401","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1381401","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4176","summary":"Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00452,"ranking_epss":0.63789,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1361066","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1361066","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4177","summary":"Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1379242","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1379242","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4178","summary":"Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.06055,"ranking_epss":0.90761,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1376099","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1376099","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4179","summary":"Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22222,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1377783","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1377783","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4180","summary":"Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00101,"ranking_epss":0.27749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1378564","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1378564","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4181","summary":"Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00197,"ranking_epss":0.41762,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1382581","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1382581","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4182","summary":"Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1368739","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1368739","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4183","summary":"Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00119,"ranking_epss":0.3082,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1251790","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1251790","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4184","summary":"Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0008,"ranking_epss":0.23544,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1358647","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1358647","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4185","summary":"Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00125,"ranking_epss":0.31697,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1373025","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1373025","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4186","summary":"Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.17964,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1377165","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1377165","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4187","summary":"Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00104,"ranking_epss":0.28331,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1381217","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1381217","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4188","summary":"Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00118,"ranking_epss":0.30736,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1340879","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1340879","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4189","summary":"Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.17964,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1344647","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1344647","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4190","summary":"Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00073,"ranking_epss":0.22091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1378997","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1378997","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4191","summary":"Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00236,"ranking_epss":0.4661,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1373941","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11","https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html","https://crbug.com/1373941","https://security.gentoo.org/glsa/202305-10","https://security.gentoo.org/glsa/202311-11"],"published_time":"2022-11-30T00:15:10","vendor":null,"product":null,"version":null}]}