This page lists publicly disclosed CVE vulnerabilities affecting google v8 (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2016-5129 | Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. | [email protected] | 8.8 | 2.47% | 2016-07-23 | 2026-05-06 |
| CVE-2016-5128 | objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | [email protected] | 8.8 | 1.46% | 2016-07-23 | 2026-05-06 |
| CVE-2016-1688 | The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code. | [email protected] | 6.5 | 4.80% | 2016-06-05 | 2026-05-06 |
| CVE-2016-1678 | objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. | [email protected] | 8.8 | 1.14% | 2016-06-05 | 2026-05-06 |
| CVE-2016-1677 | uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion." | [email protected] | 6.5 | 12.63% | 2016-06-05 | 2026-05-06 |
| CVE-2016-1669 | The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. | [email protected] | 8.8 | 1.63% | 2016-05-14 | 2026-05-06 |
| CVE-2016-3679 | Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | [email protected] | 8.8 | 0.85% | 2016-03-29 | 2026-05-06 |
| CVE-2016-2843 | Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | [email protected] | 9.8 | 0.89% | 2016-03-06 | 2026-05-06 |
| CVE-2015-8548 | Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478. | [email protected] | 10.0 | 0.82% | 2015-12-14 | 2026-05-06 |
| CVE-2015-8478 | Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.73, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | [email protected] | 7.5 | 0.15% | 2015-12-06 | 2026-05-06 |
| CVE-2015-7834 | Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | [email protected] | 7.5 | 0.19% | 2015-10-15 | 2026-05-06 |
| CVE-2015-6580 | Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | [email protected] | 7.5 | 0.15% | 2015-09-03 | 2026-05-06 |
| CVE-2015-5380 | The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence. | [email protected] | 7.5 | 0.62% | 2015-07-09 | 2026-05-06 |
| CVE-2015-3910 | Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | [email protected] | 7.5 | 0.26% | 2015-05-20 | 2026-05-06 |
| CVE-2015-3333 | Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | [email protected] | 7.5 | 0.26% | 2015-04-19 | 2026-05-06 |
| CVE-2015-1242 | The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization. | [email protected] | 7.5 | 1.65% | 2015-04-19 | 2026-05-06 |
| CVE-2015-2238 | Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | [email protected] | 7.5 | 0.14% | 2015-03-09 | 2026-05-06 |
| CVE-2015-1346 | Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | [email protected] | 7.5 | 0.35% | 2015-01-22 | 2026-05-06 |
| CVE-2014-7967 | Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | [email protected] | 7.5 | 0.11% | 2014-10-08 | 2026-05-06 |
| CVE-2014-3152 | Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value. | [email protected] | 7.5 | 3.20% | 2014-05-21 | 2026-05-06 |