CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
AI Score
Confidence
High
EPSS
Percentile
72.1%
A vulnerability in the implementation of the CORS mechanism of Microsoft Edge and Google Chrome browsers is related to weaknesses in the
access controls. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and disclose protected information through a specially crafted access control.
existing security restrictions and disclose protected information using a specially crafted
HTML page
V8 JavaScript script handler vulnerability in Microsoft Edge and Google Chrome browsers is related to
accessing a resource via incompatible types. Exploitation of the vulnerability could allow an attacker,
acting remotely, to execute arbitrary code on the target system using a specially crafted
HTML page
A vulnerability in the Dawn component of the Google Chrome browser is caused by an operation exceeding buffer boundaries in memory.
Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page.
using a specially crafted HTML page
A vulnerability in the Dawn component of the Google Chrome browser is related to memory usage after release.
Exploitation of the vulnerability could allow an attacker acting remotely to exploit heap corruption
via a crafted HTML page
A vulnerability in the Audio component of the Audio component of the Microsoft Edge and Google Chrome browsers is related to memory usage
after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely,
disclose protected information using specially crafted PDF files
A vulnerability in the Dawn component of Microsoft Edge and Google Chrome browsers is related to incorrect security checks for standard elements.
security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to compromise the privacy of sensitive information.
remotely, to affect the confidentiality, integrity, and availability of protected information using a specially crafted HTML page.
Using a specially crafted HTML page
A vulnerability in the Downloads component of the Google Chrome browser is associated with an incorrect restriction of the visualized layers of the user interface.
visualized layers of the user interface. Exploitation of the vulnerability could allow
an attacker acting remotely to conduct a spoofing attack
Browser UI vulnerability in Microsoft Edge and Google Chrome browsers is related to the use of memory after its release.
memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely,
disclose protected information using a specially crafted HTML page
A vulnerability in the Dawn component of the Google Chrome browser is related to memory usage after it has been freed.
Exploitation of the vulnerability could allow an attacker to execute arbitrary code using a specially crafted HTTP request.
HTTP request
V8 JavaScript script handler vulnerability in Google Chrome browser is related to data type mixing errors.
data type mixing errors. Exploitation of the vulnerability could allow an attacker to execute arbitrary code using a
specially crafted HTML page
A vulnerability in the WebAudio element of the Google Chrome browser is related to a heap buffer overflow.
Exploitation of the vulnerability could allow an attacker acting remotely to exploit the heap corruption
through a crafted HTML page
A vulnerability in the Tab Groups component of Microsoft Edge and Google Chrome browsers is related to a buffer overflow
in the heap. Exploitation of the vulnerability could allow an attacker acting remotely to execute
arbitrary code on the target system or cause a denial of service via a specially crafted
HTML page
A vulnerability in the Memory Allocator component of the Microsoft Edge and Google Chrome browsers is related to an incorrect
security checks for standard elements. Exploitation of the vulnerability could allow an attacker,
acting remotely, to disclose protected information or cause a denial of service via a specially crafted HTML page.
specially crafted HTML page
Vulnerability in the img_alloc_helper() function of the libaom video encoding library is related to integer
overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute
arbitrary code by transmitting specially crafted data
A vulnerability in the V8 JavaScript script handler of the Google Chrome browser is related to data type mixing errors.
data types. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using specially crafted data.
arbitrary code using a specially crafted web page
Vulnerability in Dawn component of Google Chrome browser is related to writing outside buffer boundaries. Exploitation
vulnerability could allow an attacker acting remotely to exploit the heap corruption via a
a crafted HTML page
V8 JavaScript script handler vulnerability in Google Chrome browser is related to memory usage
after it has been freed. Exploitation of the vulnerability could allow an attacker to execute arbitrary code with a
using a specially crafted HTTP request
V8 JavaScript script handler vulnerability in Google Chrome browser is related to accessing a resource using an incompatible type.
using an incompatible type. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code.
remotely execute arbitrary code through a crafted HTML page
The ANGLE library vulnerability in Google Chrome and Microsoft Edge browsers is related to a buffer overflow in the
dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely,
execute arbitrary code using a specially crafted file
V8 JavaScript script handler V8 vulnerability in Google Chrome browser is related to memory usage
after release. Exploitation of the vulnerability could allow an attacker acting remotely,
exploit heap corruption via a crafted HTML page
A vulnerability in the Dawn component of the Google Chrome and Microsoft Edge browsers is related to memory usage
after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely,
compromise the confidentiality, integrity, and availability of protected information by
Uploading a specially crafted malicious HTML page
A vulnerability in the Dawn component of the Google Chrome browser is related to a heap buffer overflow. Exploitation
The vulnerability could allow an attacker acting remotely to write outside of memory via a specially crafted HTML page.
generated HTML page
A vulnerability in Task Scheduling of Google Chrome and Microsoft Edge browsers is related to the
memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker,
acting remotely, to execute arbitrary code using a specially crafted web page
V8 JavaScript script handler vulnerability in Microsoft Edge and Google Chrome browsers is related to memory usage after its release.
memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker,
acting remotely, to disclose protected information using a specially crafted HTML page
Vulnerability in PDF content handler of PDFium in Microsoft Edge and Google Chrome browsers is related to memory usage after its release.
memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker,
acting remotely, to disclose protected information using specially crafted PDF files
A vulnerability in Picture In Picture technology of Google Chrome browser is related to memory usage after its release.
freeing. Exploitation of the vulnerability could allow an attacker acting remotely to execute an arbitrary code using specially crafted PDF files.
arbitrary code using a specially crafted HTML page
A vulnerability in the Presentation API of Google Chrome and Microsoft Edge browsers is related to the use of memory after it has been freed.
memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely,
compromise the confidentiality, integrity, and availability of protected information by
downloading a specially crafted HTML page
A vulnerability in the Keyboard Inputs component of the Google Chrome and Microsoft Edge browsers is related to an operation exceeding the buffer boundaries in memory.
operation beyond the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to compromise the confidentiality of information by uploading a specially crafted HTML page.
remotely, to affect confidentiality, integrity and availability of protected information.
A vulnerability in the Dawn component of Microsoft Edge and Google Chrome browsers is related to memory usage
after it has been freed. Exploitation of the vulnerability could allow a remote attacker to,
execute arbitrary code on the target system using a specially crafted HTML page
V8 JavaScript script handler vulnerability in Google Chrome and Microsoft Edge browsers is related to
data type mixing errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code.
remotely execute arbitrary code using a specially crafted web page
A vulnerability in the DevTools web development toolkit for Microsoft Edge and Google Chrome browsers
is related to incorrect security checks for standard elements. Exploitation of the vulnerability could
allow an attacker acting remotely to compromise the system using a specially crafted
Chrome extension
A vulnerability in the ANGLE library of the Google Chrome browser is related to memory usage after release.
Exploitation of the vulnerability could allow an attacker acting remotely to exploit heap corruption
through a crafted HTML page
A vulnerability in the Downloads component of the Microsoft Edge and Google Chrome browsers is related to an
incorrect security checks for standard elements. Exploitation of the vulnerability could allow
a remote attacker to disclose protected information or cause a denial of service
A vulnerability in the Media Session API of the Google Chrome and Microsoft Edge browsers is related to the
memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker,
acting remotely, to execute arbitrary code by downloading a specially crafted malicious HTML page.
HTML page
A vulnerability in the Visuals component of the Google Chrome browser is related to the ability to use memory after it has been freed.
release. Exploitation of the vulnerability could allow an attacker acting remotely to execute
arbitrary code, provided the user opens a specially crafted web page
A vulnerability in the implementation of WebRTC technology in Google Chrome and Microsoft Edge browsers is related to an operation exceeding the buffer boundaries in memory.
operation beyond the memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality of a user’s web page.
remotely to affect the confidentiality, integrity and availability of protected information
by downloading a specially crafted HTML page
Tab Strip tab control vulnerability in Microsoft Edge and Google Chrome browsers is related to
Heap buffer overflow. Exploitation of the vulnerability could allow an attacker acting
remotely to execute arbitrary code or cause a denial of service via a specially crafted
HTML page
A vulnerability in the Streams API of Google Chrome and Microsoft Edge browsers is related to an operation exceeding the
buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely,
execute arbitrary code by loading a specially crafted malicious HTML page
A vulnerability in the JavaScript script handler V8 of the Google Chrome browser is related to writing outside the boundaries of the
buffer. Exploitation of the vulnerability could allow an attacker acting remotely to perform an out-of-memory write via a crafted HTML page.
out-of-memory writes through a crafted HTML page
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
AI Score
Confidence
High
EPSS
Percentile
72.1%