Microsoft: Makers of the Windows Operating System and hundreds of products that run on it.

Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows 10: 1941 vulnerabilities

Microsoft Windows Server 2016: 1916 vulnerabilities

Microsoft Windows Server 2019: 1640 vulnerabilities

Microsoft Windows Server 2012: 1218 vulnerabilities

Microsoft Windows 8.1: 1181 vulnerabilities

Microsoft Windows Rt 8 1: 1125 vulnerabilities

Microsoft Windows Server 2008: 1108 vulnerabilities

Microsoft Windows 7: 1100 vulnerabilities

Microsoft Internet Explorer (IE): 409 vulnerabilities
Popular web browser for windows

Microsoft Office: 259 vulnerabilities

Microsoft Sharepoint Server: 217 vulnerabilities

Microsoft ChakraCore: 183 vulnerabilities
ChakraCore is the core part of the Chakra JavaScript engine that powers Microsoft Edge

Microsoft Sharepoint Foundation: 151 vulnerabilities

Microsoft Ie: 146 vulnerabilities

Microsoft Excel: 91 vulnerabilities
Spreadsheet Software

Microsoft 365 Apps: 85 vulnerabilities

Microsoft Office 365 Proplus: 83 vulnerabilities

Microsoft Office Online Server: 74 vulnerabilities

Microsoft Windows Server 2022: 72 vulnerabilities

Microsoft Exchange Server: 70 vulnerabilities

Microsoft Word: 55 vulnerabilities

Microsoft Visual Studio 2017: 54 vulnerabilities

Microsoft Visual Studio 2019: 54 vulnerabilities

Microsoft Windows Server: 52 vulnerabilities

Microsoft Office Web Apps: 47 vulnerabilities

Microsoft Outlook: 40 vulnerabilities

Microsoft Windows 11: 38 vulnerabilities

Microsoft Edge Browser: 33 vulnerabilities
Web Browser based on Chromium

Microsoft Windows XP: 30 vulnerabilities

Microsoft Dynamics 365: 30 vulnerabilities

Microsoft Visual Studio Code: 29 vulnerabilities

Microsoft Edge Chromium: 28 vulnerabilities

Microsoft Azure Devops Server: 27 vulnerabilities

Microsoft ASP.NET Core: 23 vulnerabilities

Microsoft Visual Studio: 23 vulnerabilities
Developer IDE

Microsoft .NET Core: 22 vulnerabilities

Microsoft Azure Sphere: 22 vulnerabilities

Microsoft Powershell Core: 18 vulnerabilities

Microsoft Windows Vista: 18 vulnerabilities

Microsoft Windows 2003 Server: 17 vulnerabilities

Microsoft Project Server: 16 vulnerabilities

Microsoft Windows 2000: 15 vulnerabilities

Microsoft Excel Viewer: 15 vulnerabilities

Microsoft Windows Server 2003: 15 vulnerabilities

Microsoft Net: 8 vulnerabilities

Microsoft Onedrive: 8 vulnerabilities

Microsoft Skype For Business: 7 vulnerabilities

Microsoft Office For Mac: 7 vulnerabilities

Microsoft Dynamics Nav: 7 vulnerabilities

Microsoft Excel 2013 Rt: 7 vulnerabilities

Microsoft SQL Server: 7 vulnerabilities
Database Server

Microsoft Office Word Viewer: 7 vulnerabilities

Microsoft Outlook Express: 7 vulnerabilities

Microsoft Powerpoint: 7 vulnerabilities

Microsoft Lync: 7 vulnerabilities

Microsoft Windows 98: 6 vulnerabilities

Microsoft Windows 8: 6 vulnerabilities

Microsoft Powerpoint Viewer: 6 vulnerabilities

Microsoft Lync Server: 6 vulnerabilities

Microsoft 3d Viewer: 5 vulnerabilities

Microsoft Windows Me: 5 vulnerabilities

Microsoft Windows Nt: 5 vulnerabilities

Microsoft Windows: 5 vulnerabilities

Microsoft Office 365: 5 vulnerabilities

Microsoft Access: 4 vulnerabilities

Microsoft Visual Studio 2015: 4 vulnerabilities

Microsoft Azure Sentinel: 4 vulnerabilities

Microsoft Outlook Rt: 4 vulnerabilities

Microsoft Azure Stack Hub: 4 vulnerabilities

Microsoft Project: 4 vulnerabilities

Microsoft Teams: 4 vulnerabilities

Recent Microsoft Security Advisories

Advisory | Title | Published
CVE-2021-37996 | Chromium: CVE-2021-37996 Insufficient validation of untrusted input in Downloads | October 21, 2021
CVE-2021-37985 | Chromium: CVE-2021-37985 Use after free in V8 | October 21, 2021
CVE-2021-37984 | Chromium: CVE-2021-37984 Heap buffer overflow in PDFium | October 21, 2021
CVE-2021-37981 | Chromium: CVE-2021-37981 Heap buffer overflow in Skia | October 21, 2021
CVE-2021-42307 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | October 21, 2021
CVE-2021-37988 | Chromium: CVE-2021-37988 Use after free in Profiles | October 21, 2021
CVE-2021-37987 | Chromium: CVE-2021-37987 Use after free in Network APIs | October 21, 2021
CVE-2021-37983 | Chromium: CVE-2021-37983 Use after free in Dev Tools | October 21, 2021
CVE-2021-37982 | Chromium: CVE-2021-37982 Use after free in Incognito | October 21, 2021
CVE-2021-37989 | Chromium: CVE-2021-37989 Inappropriate implementation in Blink | October 21, 2021

By the Year

In 2021 there have been 914 vulnerabilities in Microsoft with an average score of 7.5 out of ten. Last year Microsoft had 1189 security vulnerabilities published. Right now, Microsoft is on track to have fewer security vulnerabilities in 2021 than it did last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.18.

Year | Vulnerabilities | Average Score
2021 | 914 | 7.53
2020 | 1189 | 7.36
2019 | 759 | 7.23
2018 | 577 | 6.88

It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Security Vulnerabilities

Microsoft Surface Pro 3 Security Feature Bypass Vulnerability

CVE-2021-42299 - October 20, 2021

Microsoft Surface Pro 3 Security Feature Bypass Vulnerability

Microsoft Exchange Server Denial of Service Vulnerability

CVE-2021-34453 7.5 - High - October 13, 2021

Microsoft Exchange Server Denial of Service Vulnerability

Windows TCP/IP Denial of Service Vulnerability

CVE-2021-36953 7.5 - High - October 13, 2021

Windows TCP/IP Denial of Service Vulnerability

Windows Print Spooler Spoofing Vulnerability

CVE-2021-36970 6.5 - Medium - October 13, 2021

Windows Print Spooler Spoofing Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2021-40443 7.8 - High - October 13, 2021

Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40466, CVE-2021-40467.

Improper Privilege Management

Win32k Elevation of Privilege Vulnerability

CVE-2021-40449 7.8 - High - October 13, 2021

Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40450, CVE-2021-41357.

Improper Privilege Management

Rich Text Edit Control Information Disclosure Vulnerability

CVE-2021-40454 5.5 - Medium - October 13, 2021

Rich Text Edit Control Information Disclosure Vulnerability

Cleartext Storage of Sensitive Information

Windows Installer Spoofing Vulnerability

CVE-2021-40455 5.5 - Medium - October 13, 2021

Windows Installer Spoofing Vulnerability

Windows AD FS Security Feature Bypass Vulnerability

CVE-2021-40456 7.5 - High - October 13, 2021

Windows AD FS Security Feature Bypass Vulnerability

Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

CVE-2021-40457 6.1 - Medium - October 13, 2021

Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

XSS

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

CVE-2021-40475 5.5 - Medium - October 13, 2021

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

Windows AppContainer Elevation Of Privilege Vulnerability

CVE-2021-40476 7.3 - High - October 13, 2021

Windows AppContainer Elevation Of Privilege Vulnerability

Improper Privilege Management

Windows Event Tracing Elevation of Privilege Vulnerability

CVE-2021-40477 7.8 - High - October 13, 2021

Windows Event Tracing Elevation of Privilege Vulnerability

Improper Privilege Management

Storage Spaces Controller Elevation of Privilege Vulnerability

CVE-2021-40478 7.8 - High - October 13, 2021

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345.

Improper Privilege Management

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-41344 8.8 - High - October 13, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40487.

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2021-41348 8 - High - October 13, 2021

Microsoft Exchange Server Elevation of Privilege Vulnerability

Improper Privilege Management

Microsoft Exchange Server Spoofing Vulnerability

CVE-2021-41350 4.3 - Medium - October 13, 2021

Microsoft Exchange Server Spoofing Vulnerability

.NET Core and Visual Studio Information Disclosure Vulnerability

CVE-2021-41355 5.7 - Medium - October 13, 2021

.NET Core and Visual Studio Information Disclosure Vulnerability

Active Directory Federation Server Spoofing Vulnerability

CVE-2021-41361 3.5 - Low - October 13, 2021

Active Directory Federation Server Spoofing Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2021-26427 9.6 - Critical - October 13, 2021

Microsoft Exchange Server Remote Code Execution Vulnerability

Windows Fast FAT File System Driver Information Disclosure Vulnerability

CVE-2021-38662 5.5 - Medium - October 13, 2021

Windows Fast FAT File System Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41343.

Windows exFAT File System Information Disclosure Vulnerability

CVE-2021-38663 5.5 - Medium - October 13, 2021

Windows exFAT File System Information Disclosure Vulnerability

Windows Hyper-V Remote Code Execution Vulnerability

CVE-2021-38672 9 - Critical - October 13, 2021

Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40461.

Win32k Elevation of Privilege Vulnerability

CVE-2021-40450 7.8 - High - October 13, 2021

Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-41357.

Improper Privilege Management

Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability

CVE-2021-40460 6.5 - Medium - October 13, 2021

Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability

Windows Hyper-V Remote Code Execution Vulnerability

CVE-2021-40461 9 - Critical - October 13, 2021

Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38672.

Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability

CVE-2021-40462 7.8 - High - October 13, 2021

Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability

Windows NAT Denial of Service Vulnerability

CVE-2021-40463 6.5 - Medium - October 13, 2021

Windows NAT Denial of Service Vulnerability

Windows Nearby Sharing Elevation of Privilege Vulnerability

CVE-2021-40464 8 - High - October 13, 2021

Windows Nearby Sharing Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Text Shaping Remote Code Execution Vulnerability

CVE-2021-40465 7.8 - High - October 13, 2021

Windows Text Shaping Remote Code Execution Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2021-40466 7.8 - High - October 13, 2021

Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40443, CVE-2021-40467.

Improper Privilege Management

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2021-40467 7.8 - High - October 13, 2021

Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40443, CVE-2021-40466.

Improper Privilege Management

Windows Bind Filter Driver Information Disclosure Vulnerability

CVE-2021-40468 5.5 - Medium - October 13, 2021

Windows Bind Filter Driver Information Disclosure Vulnerability

Windows DNS Server Remote Code Execution Vulnerability

CVE-2021-40469 7.2 - High - October 13, 2021

Windows DNS Server Remote Code Execution Vulnerability

DirectX Graphics Kernel Elevation of Privilege Vulnerability

CVE-2021-40470 7.8 - High - October 13, 2021

DirectX Graphics Kernel Elevation of Privilege Vulnerability

Improper Privilege Management

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40471 7.8 - High - October 13, 2021

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40473, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485.

Microsoft Excel Information Disclosure Vulnerability

CVE-2021-40472 5.5 - Medium - October 13, 2021

Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40473 7.8 - High - October 13, 2021

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40471, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485.

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40474 7.8 - High - October 13, 2021

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40479, CVE-2021-40485.

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40479 7.8 - High - October 13, 2021

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40474, CVE-2021-40485.

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2021-40480 7.8 - High - October 13, 2021

Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40481.

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2021-40481 7.8 - High - October 13, 2021

Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40480.

Microsoft SharePoint Server Information Disclosure Vulnerability

CVE-2021-40482 7.5 - High - October 13, 2021

Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2021-40483 3.5 - Low - October 13, 2021

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40484.

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2021-40484 3.5 - Low - October 13, 2021

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40483.

Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40485 7.8 - High - October 13, 2021

Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40474, CVE-2021-40479.

Microsoft Word Remote Code Execution Vulnerability

CVE-2021-40486 7.8 - High - October 13, 2021

Microsoft Word Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-40487 8.8 - High - October 13, 2021

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41344.

Storage Spaces Controller Elevation of Privilege Vulnerability

CVE-2021-40488 7.8 - High - October 13, 2021

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40489, CVE-2021-41345.

Improper Privilege Management

Storage Spaces Controller Elevation of Privilege Vulnerability

CVE-2021-40489 7.8 - High - October 13, 2021

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-41345.

Improper Privilege Management

Storage Spaces Controller Elevation of Privilege Vulnerability

CVE-2021-26441 7.8 - High - October 13, 2021

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345.

Improper Privilege Management

Windows HTTP.sys Elevation of Privilege Vulnerability

CVE-2021-26442 7.8 - High - October 13, 2021

Windows HTTP.sys Elevation of Privilege Vulnerability

Improper Privilege Management

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

CVE-2021-41330 7.8 - High - October 13, 2021

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Windows Media Audio Decoder Remote Code Execution Vulnerability

CVE-2021-41331 7.8 - High - October 13, 2021

Windows Media Audio Decoder Remote Code Execution Vulnerability

Windows Print Spooler Information Disclosure Vulnerability

CVE-2021-41332 6.5 - Medium - October 13, 2021

Windows Print Spooler Information Disclosure Vulnerability

Windows Desktop Bridge Elevation of Privilege Vulnerability

CVE-2021-41334 7.8 - High - October 13, 2021

Windows Desktop Bridge Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Kernel Elevation of Privilege Vulnerability

CVE-2021-41335 7.8 - High - October 13, 2021

Windows Kernel Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Kernel Information Disclosure Vulnerability

CVE-2021-41336 5.5 - Medium - October 13, 2021

Windows Kernel Information Disclosure Vulnerability

Active Directory Security Feature Bypass Vulnerability

CVE-2021-41337 4.9 - Medium - October 13, 2021

Active Directory Security Feature Bypass Vulnerability

Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability

CVE-2021-41338 5.5 - Medium - October 13, 2021

Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability

Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE-2021-41339 7.8 - High - October 13, 2021

Microsoft DWM Core Library Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Graphics Component Remote Code Execution Vulnerability

CVE-2021-41340 7.8 - High - October 13, 2021

Windows Graphics Component Remote Code Execution Vulnerability

Windows MSHTML Platform Remote Code Execution Vulnerability

CVE-2021-41342 8.8 - High - October 13, 2021

Windows MSHTML Platform Remote Code Execution Vulnerability

Windows Fast FAT File System Driver Information Disclosure Vulnerability

CVE-2021-41343 5.5 - Medium - October 13, 2021

Windows Fast FAT File System Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38662.

Storage Spaces Controller Elevation of Privilege Vulnerability

CVE-2021-41345 7.8 - High - October 13, 2021

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489.

Improper Privilege Management

Console Window Host Security Feature Bypass Vulnerability

CVE-2021-41346 7.8 - High - October 13, 2021

Console Window Host Security Feature Bypass Vulnerability

Windows AppX Deployment Service Elevation of Privilege Vulnerability

CVE-2021-41347 7.8 - High - October 13, 2021

Windows AppX Deployment Service Elevation of Privilege Vulnerability

Improper Privilege Management

SCOM Information Disclosure Vulnerability

CVE-2021-41352 7.5 - High - October 13, 2021

SCOM Information Disclosure Vulnerability

Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability

CVE-2021-41353 3.5 - Low - October 13, 2021

Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2021-41354 5.4 - Medium - October 13, 2021

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

XSS

Win32k Elevation of Privilege Vulnerability

CVE-2021-41357 7.8 - High - October 13, 2021

Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-40450.

Improper Privilege Management

Intune Management Extension Security Feature Bypass Vulnerability

CVE-2021-41363 6.7 - Medium - October 13, 2021

Intune Management Extension Security Feature Bypass Vulnerability

Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54

CVE-2021-37956 8.8 - High - October 08, 2021

Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54

CVE-2021-37957 8.8 - High - October 08, 2021

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54

CVE-2021-37958 5.4 - Medium - October 08, 2021

Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.

Use after free in Task Manager in Google Chrome prior to 94.0.4606.54

CVE-2021-37959 8.8 - High - October 08, 2021

Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to engage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54

CVE-2021-37961 8.8 - High - October 08, 2021

Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54

CVE-2021-37962 8.8 - High - October 08, 2021

Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54

CVE-2021-37963 4.3 - Medium - October 08, 2021

Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page.

Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54

CVE-2021-37964 3.3 - Low - October 08, 2021

Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to potentially carry out a wifi impersonation attack via a crafted ONC file.

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54

CVE-2021-37965 4.3 - Medium - October 08, 2021

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54

CVE-2021-37966 4.3 - Medium - October 08, 2021

Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Origin Validation Error

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54

CVE-2021-37967 4.3 - Medium - October 08, 2021

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54

CVE-2021-37968 4.3 - Medium - October 08, 2021

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54

CVE-2021-37969 7.8 - High - October 08, 2021

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.

Improper Privilege Management

Use after free in File System API in Google Chrome prior to 94.0.4606.54

CVE-2021-37970 8.8 - High - October 08, 2021

Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54

CVE-2021-37971 4.3 - Medium - October 08, 2021

Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Origin Validation Error

Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54

CVE-2021-37972 8.8 - High - October 08, 2021

Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Out-of-bounds Read

Use after free in Portals in Google Chrome prior to 94.0.4606.61

CVE-2021-37973 9.6 - Critical - October 08, 2021

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71

CVE-2021-37974 8.8 - High - October 08, 2021

Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in V8 in Google Chrome prior to 94.0.4606.71

CVE-2021-37975 8.8 - High - October 08, 2021

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71

CVE-2021-37976 6.5 - Medium - October 08, 2021

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82

CVE-2021-30632 8.8 - High - October 08, 2021

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82

CVE-2021-30633 9.6 - Critical - October 08, 2021

Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in Selection API in Google Chrome prior to 93.0.4577.82

CVE-2021-30625 8.8 - High - October 08, 2021

Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82

CVE-2021-30626 8.8 - High - October 08, 2021

Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82

CVE-2021-30627 8.8 - High - October 08, 2021

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82

CVE-2021-30628 8.8 - High - October 08, 2021

Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.

Memory Corruption

Use after free in Permissions in Google Chrome prior to 93.0.4577.82

CVE-2021-30629 8.8 - High - October 08, 2021

Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82

CVE-2021-30630 4.3 - Medium - October 08, 2021

Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).