ID: CVE-2024-3834
Title: Use after free in Downloads in Google Chrome prior to 124.0.6367.60
Type: Software
Bulletins: CVE-2024-3834
Severity: High
Description: Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Applies to:
Created: 2024-04-17
Updated: 2024-09-07

ID: CVE-2024-3839
Title: Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60
Type: Software
Bulletins: CVE-2024-3839
Severity: Medium
Description: Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Applies to:
Created: 2024-04-17
Updated: 2024-09-07

ID: CVE-2024-3838
Title: Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60
Type: Software
Bulletins: CVE-2024-3838
Severity: Medium
Description: Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)
Applies to:
Created: 2024-04-17
Updated: 2024-09-07

ID: CVE-2024-3158
Title: Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105
Type: Software
Bulletins: CVE-2024-3158
Severity: High
Description: Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Applies to:
Created: 2024-04-06
Updated: 2024-09-07

ID: CVE-2024-3159
Title: Out of bounds memory access in V8 in Google Chrome
Type: Software
Bulletins: CVE-2024-3159
Severity: High
Description: Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Applies to:
Created: 2024-04-06
Updated: 2024-09-07

ID: CVE-2024-3156
Title: Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105
Type: Software
Bulletins: CVE-2024-3156
Severity: High
Description: Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Applies to:
Created: 2024-04-06
Updated: 2024-09-07

ID: CVE-2024-2627
Title: Use after free in Canvas
Type: Software
Bulletins: CVE-2024-2627
Severity: High
Description: Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Applies to:
Created: 2024-03-20
Updated: 2024-09-07

ID: CVE-2024-2626
Title: Out of bounds read in Swiftshader
Type: Software
Bulletins: CVE-2024-2626
Severity: Medium
Description: Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Applies to:
Created: 2024-03-20
Updated: 2024-09-07

ID: CVE-2024-2625
Title: Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58
Type: Software
Bulletins: CVE-2024-2625
Severity: High
Description: Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Applies to:
Created: 2024-03-20
Updated: 2024-09-07

ID: CVE-2024-2630
Title: Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58
Type: Software
Bulletins: CVE-2024-2630
Severity: Medium
Description: Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Applies to:
Created: 2024-03-20
Updated: 2024-09-07

ID: CVE-2024-2628
Title: Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58
Type: Software
Bulletins: CVE-2024-2628
Severity: Medium
Description: Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)
Applies to:
Created: 2024-03-20
Updated: 2024-09-07

ID: CVE-2024-2400
Title: Use after free in Performance Manager
Type: Software
Bulletins: CVE-2024-2400
Severity: High
Description: Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Applies to:
Created: 2024-03-13
Updated: 2024-03-16

ID: CVE-2024-1059
Title: Use after free in Peer Connection
Type: Software
Bulletins: CVE-2024-1059
Severity: High
Description: Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
Applies to:
Created: 2024-01-30
Updated: 2024-09-07

ID: CVE-2024-1077
Title: Use after free in Network in Google Chrome prior to 121.0.6167.139
Type: Software
Bulletins: CVE-2024-1077
Severity: High
Description: Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
Applies to:
Created: 2024-01-30
Updated: 2024-09-07

ID: CVE-2024-0807
Title: Use after free in Web Audio in Google Chrome prior to 121.0.6167.85
Type: Software
Bulletins: CVE-2024-0807
Severity: High
Description: Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Applies to:
Created: 2024-01-24
Updated: 2024-09-07

ID: CVE-2024-0813
Title: Use after free in Reading Mode
Type: Software
Bulletins: CVE-2024-0813
Severity: High
Description: Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
Applies to:
Created: 2024-01-24
Updated: 2024-09-07

ID: CVE-2024-0806
Title: Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.
Type: Software
Bulletins: CVE-2024-0806
Severity: High
Description: Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
Applies to:
Created: 2024-01-24
Updated: 2024-09-07

ID: CVE-2024-0804
Title: Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85
Type: Software
Bulletins: CVE-2024-0804
Severity: High
Description: Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Applies to:
Created: 2024-01-24
Updated: 2024-09-07

ID: CVE-2024-0810
Title: Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
Type: Software
Bulletins: CVE-2024-0810
Severity: Medium
Description: Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)
Applies to:
Created: 2024-01-24
Updated: 2024-09-07

ID: CVE-2024-0814
Title: Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85
Type: Software
Bulletins: CVE-2024-0814
Severity: Medium
Description: Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Applies to:
Created: 2024-01-24
Updated: 2024-09-07

ID: CVE-2024-0805
Title: Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed domain spoofing
Type: Software
Bulletins: CVE-2024-0805
Severity: Medium
Description: Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
Applies to:
Created: 2024-01-24
Updated: 2024-09-07

ID: CVE-2024-0809
Title: Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85
Type: Software
Bulletins: CVE-2024-0809
Severity: Medium
Description: Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
Applies to:
Created: 2024-01-24
Updated: 2024-09-07

ID: CVE-2024-0812
Title: Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85
Type: Software
Bulletins: CVE-2024-0812
Severity: High
Description: Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Applies to:
Created: 2024-01-24
Updated: 2024-09-07

ID: CVE-2024-0743
Title: Unchecked Return Value in TLS Handshake Code
Type: Software
Bulletins: CVE-2024-0743
Severity: High
Description: An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122.
Applies to:
Created: 2024-01-23
Updated: 2024-09-07

ID: CVE-2024-0745
Title: Stack Buffer Overflow in WebAudio OscillatorNode
Type: Software
Bulletins: CVE-2024-0745
Severity: High
Description: The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.
Applies to:
Created: 2024-01-23
Updated: 2024-09-07

ID: CVE-2024-0754
Title: Some WASM source files could have caused a crash when loaded in devtools
Type: Software
Bulletins: CVE-2024-0754
Severity: Medium
Description: Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.
Applies to:
Created: 2024-01-23
Updated: 2024-09-07

ID: CVE-2024-0751
Title: Privilege Escalation via Malicious Devtools Extension
Type: Software
Bulletins: CVE-2024-0751
Severity: High
Description: A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Applies to:
Created: 2024-01-23
Updated: 2024-09-07

ID: CVE-2024-0750
Title: Popup Notifications Delay Calculation Vulnerability
Type: Software
Bulletins: CVE-2024-0750
Severity: High
Description: A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Applies to:
Created: 2024-01-23
Updated: 2024-09-07

ID: CVE-2024-0749
Title: Phishing site could repurpose about: dialog to show incorrect origin in address bar
Type: Software
Bulletins: CVE-2024-0749
Severity: Medium
Description: A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.
Applies to:
Created: 2024-01-23
Updated: 2024-09-07

ID: CVE-2024-0741
Title: Out of Bounds Write in ANGLE
Type: Software
Bulletins: CVE-2024-0741
Severity: Medium
Description: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Applies to:
Created: 2024-01-23
Updated: 2024-09-07

ID: CVE-2024-0755
Title: Memory safety bugs in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6
Type: Software
Bulletins: CVE-2024-0755
Severity: High
Description: Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Applies to:
Created: 2024-01-23
Updated: 2024-09-07

ID: CVE-2024-0746
Title: Linux User Print Preview Dialog Crash
Type: Software
Bulletins: CVE-2024-0746
Severity: Medium
Description: A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Applies to:
Created: 2024-01-23
Updated: 2024-09-07

ID: CVE-2024-0744
Title: JIT Compiled Code Dereference Wild Pointer Crash Vulnerability
Type: Software
Bulletins: CVE-2024-0744
Severity: High
Description: In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.
Applies to:
Created: 2024-01-23
Updated: 2024-09-07

ID: CVE-2024-0742
Title: Incorrect Timestamp Handling in Browser Prompts
Type: Software
Bulletins: CVE-2024-0742
Severity: Medium
Description: It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Applies to:
Created: 2024-01-23
Updated: 2024-09-07

ID: CVE-2024-0753
Title: Bypass of HSTS on Subdomain in Specific Configurations
Type: Software
Bulletins: CVE-2024-0753
Severity: Medium
Description: In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Applies to:
Created: 2024-01-23
Updated: 2024-09-07

ID: CVE-2024-0517
Title: Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Type: Software
Bulletins: CVE-2024-0517
Severity: High
Description: Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Applies to:
Created: 2024-01-16
Updated: 2024-09-07

ID: CVE-2024-0222
Title: Use after free in ANGLE in Google Chrome prior to 120.0.6099.199
Type: Software
Bulletins: CVE-2024-0222
Severity: High
Description: Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Applies to:
Created: 2024-01-04
Updated: 2024-09-07