Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-8277

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-21 Sep, 2017 | 15:00
Updated At-05 Aug, 2024 | 16:34
Rejected At-
Credits

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when traversing the list next time.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:21 Sep, 2017 | 15:00
Updated At:05 Aug, 2024 | 16:34
Rejected At:
▼CVE Numbering Authority (CNA)

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when traversing the list next time.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/2017-09-01
x_refsource_CONFIRM
http://www.securityfocus.com/bid/100658
vdb-entry
x_refsource_BID
Hyperlink: https://source.android.com/security/bulletin/2017-09-01
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/100658
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/2017-09-01
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/100658
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://source.android.com/security/bulletin/2017-09-01
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/100658
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:21 Sep, 2017 | 15:29
Updated At:13 May, 2026 | 00:24

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when traversing the list next time.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Google LLC
google
>>android>>Versions up to 8.0(inclusive)
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/100658product-security@qualcomm.com
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2017-09-01product-security@qualcomm.com
Patch
Vendor Advisory
http://www.securityfocus.com/bid/100658af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2017-09-01af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/100658
Source: product-security@qualcomm.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://source.android.com/security/bulletin/2017-09-01
Source: product-security@qualcomm.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/100658
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://source.android.com/security/bulletin/2017-09-01
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

4052Records found
CVE-2016-7879
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.79% / 88.38%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CWE ID-CWE-416
Use After Free
CVE-2016-7872
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.79% / 88.38%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CWE ID-CWE-416
Use After Free
CVE-2016-7878
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.79% / 88.38%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-windows_10mac_os_xwindows_8.1windowsflash_playerlinux_kernelflash_player_desktop_runtimechrome_osAdobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CWE ID-CWE-416
Use After Free
CVE-2016-5156
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.54% / 81.81%
||
7 Day CHG~0.00%
Published-11 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-leapchromen/a
CWE ID-CWE-416
Use After Free
CVE-2016-5151
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.04% / 77.89%
||
7 Day CHG~0.00%
Published-11 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-leapchromen/a
CWE ID-CWE-416
Use After Free
CVE-2016-5211
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.54% / 68.27%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 05:43
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromeGoogle Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android
CWE ID-CWE-416
Use After Free
CVE-2016-5177
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.91% / 83.73%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLCRed Hat, Inc.Debian GNU/LinuxFedora Project
Product-enterprise_linux_server_supplementarydebian_linuxleapfedorachromeenterprise_linux_workstation_supplementaryopensusen/a
CWE ID-CWE-416
Use After Free
CVE-2016-5219
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.3||MEDIUM
EPSS-0.53% / 67.93%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 05:43
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromeGoogle Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android
CWE ID-CWE-416
Use After Free
CVE-2016-5131
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-3.69% / 88.24%
||
7 Day CHG~0.00%
Published-23 Jul, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.openSUSEGoogle LLCSUSERed Hat, Inc.libxml2 (XMLSoft)Debian GNU/Linux
Product-watchosubuntu_linuxdebian_linuxmac_os_xenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktoplinux_enterpriseopensuseleapiphone_oschrometvoslibxml2n/a
CWE ID-CWE-416
Use After Free
CVE-2016-5213
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.51% / 67.00%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 05:43
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromeGoogle Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android
CWE ID-CWE-416
Use After Free
CVE-2016-5215
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.3||MEDIUM
EPSS-0.49% / 66.18%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 05:43
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromeGoogle Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android
CWE ID-CWE-416
Use After Free
CVE-2016-5183
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.86% / 75.51%
||
7 Day CHG~0.00%
Published-18 Dec, 2016 | 03:34
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromeChrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android
CWE ID-CWE-416
Use After Free
CVE-2021-4065
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.17% / 79.16%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2016-5136
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.99% / 84.03%
||
7 Day CHG~0.00%
Published-23 Jul, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-416
Use After Free
CVE-2021-4067
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.38% / 80.72%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-4102
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-5.46% / 90.43%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 22:55
Updated-24 Oct, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-12-29||Apply updates per vendor instructions.

Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChromeChromium V8
CWE ID-CWE-416
Use After Free
CVE-2021-4057
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-3.64% / 88.15%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-4053
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.83% / 75.14%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:45
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37983
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.13% / 78.83%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 21:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CWE ID-CWE-416
Use After Free
CVE-2021-38011
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.77% / 74.00%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-38008
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.45% / 81.24%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37998
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.89% / 76.10%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37957
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.38% / 59.87%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-38002
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.83% / 75.00%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37974
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.21% / 79.46%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:50
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37988
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.09% / 78.46%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 21:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37977
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.77% / 74.00%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 20:25
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37973
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-14.78% / 94.67%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:40
Updated-24 Oct, 2025 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-fedoradebian_linuxchromeChromeChromium Portals
CWE ID-CWE-416
Use After Free
CVE-2021-38006
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.04% / 77.92%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37959
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.63%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37970
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.43% / 85.52%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37993
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.55% / 81.87%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 21:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37956
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.47% / 64.95%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37987
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.55% / 81.87%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 21:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CWE ID-CWE-416
Use After Free
CVE-2018-6031
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.48% / 81.49%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CVE-2018-6118
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.03% / 77.84%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37975
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-62.98% / 98.42%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 00:00
Updated-24 Oct, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-fedoradebian_linuxchromeChromeChromium V8
CWE ID-CWE-416
Use After Free
CVE-2018-6268
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.64%
||
7 Day CHG~0.00%
Published-13 Feb, 2019 | 22:00
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges. Android ID: A-80433161.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CVE-2021-21232
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.71% / 82.80%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 20:15
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-21110
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-23.07% / 96.06%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 17:56
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2018-5846
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.34%
||
7 Day CHG~0.00%
Published-06 Jun, 2018 | 21:00
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-416
Use After Free
CVE-2018-6054
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.37% / 80.68%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37961
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.74% / 73.36%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 21:30
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2021-37982
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.13% / 78.83%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 21:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CWE ID-CWE-416
Use After Free
CVE-2016-5216
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.3||MEDIUM
EPSS-0.46% / 64.83%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 05:43
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromeGoogle Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android
CWE ID-CWE-416
Use After Free
CVE-2018-21085
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.13% / 32.73%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 14:45
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-5171
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.84% / 75.26%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-416
Use After Free
CVE-2018-21084
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.11% / 29.83%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 14:46
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-20066
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.38% / 59.81%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 19:00
Updated-05 Aug, 2024 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2016-5170
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.84% / 75.26%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 81
  • 82
  • Next
Details not found