聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-13782 | Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | 10.0 | 0.29% | 2026-06-30 | 2026-07-02 |
| CVE-2015-8548 | Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478. | 10.0 | 1.20% | 2015-12-14 | 2026-06-16 |
| CVE-2015-8480 | The VideoFramePool::PoolImpl::CreateFrame function in media/base/video_frame_pool.cc in Google Chrome before 47.0.2526.73 does not initialize memory for a video-frame data structure, which might allow remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact by leveraging improper interaction with the vp3_h_loop_filter_c function in libavcodec/vp3dsp.c in FFmpeg. | 10.0 | 1.35% | 2015-12-05 | 2026-06-16 |
| CVE-2015-6791 | Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 10.0 | 1.65% | 2015-12-14 | 2026-06-16 |
| CVE-2015-6788 | The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | 10.0 | 3.18% | 2015-12-14 | 2026-06-16 |
| CVE-2015-6787 | Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 10.0 | 8.12% | 2015-12-05 | 2026-06-16 |
| CVE-2015-6765 | Use-after-free vulnerability in content/browser/appcache/appcache_update_job.cc in Google Chrome before 47.0.2526.73 allows remote attackers to execute arbitrary code or cause a denial of service by leveraging the mishandling of AppCache update jobs. | 10.0 | 4.48% | 2015-12-05 | 2026-06-16 |
| CVE-2015-0565 | NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible. | 10.0 | 13.25% | 2020-02-25 | 2026-06-16 |
| CVE-2014-7917 | Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615. | 10.0 | 0.62% | 2015-09-30 | 2026-06-16 |
| CVE-2014-7916 | Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751. | 10.0 | 0.62% | 2015-09-30 | 2026-06-16 |
| CVE-2014-7915 | Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708. | 10.0 | 0.62% | 2015-09-30 | 2026-06-16 |
| CVE-2014-3188 | Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h. | 10.0 | 5.95% | 2014-10-08 | 2026-06-16 |
| CVE-2014-3177 | Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176. | 10.0 | 3.88% | 2014-08-26 | 2026-06-16 |
| CVE-2014-3176 | Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177. | 10.0 | 9.76% | 2014-08-26 | 2026-06-16 |
| CVE-2014-3175 | Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components. | 10.0 | 1.47% | 2014-08-26 | 2026-06-16 |
| CVE-2014-1708 | The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 | 2.02% | 2014-03-16 | 2026-06-16 |
| CVE-2014-1704 | Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 10.0 | 1.49% | 2014-03-16 | 2026-06-16 |
| CVE-2013-2931 | Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.48 allow attackers to execute arbitrary code or possibly have other impact via unknown vectors. | 10.0 | 2.30% | 2013-11-13 | 2026-06-16 |
| CVE-2013-2863 | Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 | 3.58% | 2013-06-04 | 2026-06-16 |
| CVE-2013-2833 | Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper management of ownership relationships involving Elements and DrawElements. | 10.0 | 1.61% | 2013-04-16 | 2026-06-16 |