Shodan
Vulnerabilities
Vulnerable Software
Google:  >> Chrome  >> 104.0.5112.95  Security Vulnerabilities
CVE-2022-2861
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.006
Published
2022-09-26
CVE-2022-2998
Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.045
Published
2022-09-26
CVE-2022-3038
Known exploited
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.36
Published
2022-09-26
CVE-2022-3039
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-09-26
CVE-2022-3040
Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-09-26
CVE-2022-2852
Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.015
Published
2022-09-26
CVE-2022-2853
Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.014
Published
2022-09-26
CVE-2013-6662
Google Chrome caches TLS sessions before certificate validation occurs.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-04-13
CVE-2012-4929
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
CVSS Score
2.6
EPSS Score
0.142
Published
2012-09-15
CVE-2012-4930
The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
CVSS Score
2.6
EPSS Score
0.002
Published
2012-09-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved