Threat Encyclopedia

    WEB-CLIENT Google Chrome V8 Engine JSStackCheck Type Confusion -1 (CVE-2023-3420)

    A type confusion vulnerability has been reported in the V8 JavaScript engine of Google Chrome. The vulnerability is due to incorrect side effect modelling of JSStackCheck. A remote attacker could exploit this vulnerability by enticing a user into opening a crafted HTML page. Successful exploitation could result in execution of arbitrary code in the context of the Google Chrome sandbox.

    Updated At: 2024/05/07


    WEB-CLIENT Google Chrome V8 Engine JSStackCheck Type Confusion -2 (CVE-2023-3420)

    A type confusion vulnerability has been reported in the V8 JavaScript engine of Google Chrome. The vulnerability is due to incorrect side effect modelling of JSStackCheck. A remote attacker could exploit this vulnerability by enticing a user into opening a crafted HTML page. Successful exploitation could result in execution of arbitrary code in the context of the Google Chrome sandbox.

    Updated At: 2024/05/07


    WEB-CLIENT Google Chrome Type Confusion Vulnerability (CVE-2020-6418)

    Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

    Updated At: 2022/12/08


    WEB-CLIENT Google Chrome WebAudio Use After Free Vulnerability -1 (CVE-2019-13720)

    CVE-2019-13720 is a use-after-free (UAF) vulnerability in audio for Google Chrome.

    Updated At: 2020/05/06


    WEB-CLIENT Google Chrome V8 Integer Conversion Type Confusion (CVE-2021-21224)

    This vulnerability is due to when Google Chrome V8 JIT engine handle for singed/unsigned integer conversion cause type confusion. An attacker can exploit this vulnerability by tricking users to visit the malicious webpage then execute arbitrary code.

    Updated At: 2022/11/11


    WEB-CLIENT Google Chrome V8 Insufficient Validation (CVE-2021-21220)

    This vulnerability is due to when Google Chrome V8 JIT engine insufficient validation of untrusted input cause incorrect instruction selection on ChangeInt32ToInt64 node. An attacker can exploit this vulnerability by tricking users to visit the malicious webpage then execute arbitrary code.

    Updated At: 2022/11/11


    WEB-CLIENT Google Chrome Remote Code Execution -4 (CVE-2018-17463)

    Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

    Updated At: 2022/10/14


    WEB-CLIENT Google Chrome V8 JavaScript Engine memory corruption (CVE-2020-16009)

    Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

    Updated At: 2022/11/14


    WEB-CLIENT Google Chrome V8 AwaitedPromise Memory Corruption (CVE-2018-6106)

    An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.

    Updated At: 2021/09/13


    WEB-CLIENT Google Chrome GPU Use After Free (CVE-2021-30573)

    Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

    Updated At: 2022/10/05


    WEB-CLIENT Google Chrome WebGL 2 ReadPixels Heap Buffer Overflow -3 (CVE-2017-5112)

    A heap buffer overflow vulnerability has been reported in the WebGL component of Google Chrome. This vulnerability is due to a missing bounds check after calculating a user-controlled offset into a heap buffer.

    Updated At: 2022/11/21


    WEB-CLIENT Google Chrome V8 Array.indexOf Information Leak (CVE-2017-5040)

    V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.

    Updated At: 2022/11/21


    WEB-CLIENT Google Chrome WebRTC Heap Buffer Overflow (CVE-2022-2294)

    Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

    Updated At: 2022/09/02


    WEB-CLIENT Google Chrome UpdateAnimationTimingForAnimationFrame Use After Free (CVE-2022-0609)

    Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

    Updated At: 2023/02/15


    WEB-CLIENT Google Chrome V8 Type Confusion (CVE-2021-30551)

    Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

    Updated At: 2023/02/03


    MALWARE-C2 Malicious Chrome Extension Infostealer HTTP Connection -1

    Infostealer which collect user's input, screenshot, browser's cookie and browse history. This infostealer was use Chrome browser extension as stage payload, it also use websocket to transfer bot commands.

    Updated At: 2023/04/21


    WEB-CLIENT Google Chrome PerformLayout Use After Free (CVE-2022-3654)

    Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

    Updated At: 2023/03/31


    WEB-CLIENT Google Chrome Synchronous Mojo Messages Use After Free (CVE-2022-4178)

    Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

    Updated At: 2023/03/31


    WEB-CLIENT Google Chrome NotifyCompleted Use After Free (CVE-2022-3038)

    A use-after-free issue exists in Chrome 105 and earlier versions. Processing maliciously crafted web content may lead to arbitrary code execution in a privileged process.

    Updated At: 2023/05/19


    WEB-CLIENT Google Chrome SetChangePasswordResponseCode Use After Free (CVE-2022-3842)

    Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

    Updated At: 2023/06/29


This website uses cookies to ensure you get the best experience on our website.

Learn more