Google : Security Vulnerabilities, CVEs, Published In 2014 (Bypass)
Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site.
Max CVSS
5.0
EPSS Score
0.42%
Published
2014-11-19
Updated
2017-09-08
The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog.
Max CVSS
7.5
EPSS Score
0.47%
Published
2014-01-16
Updated
2020-08-26
2 vulnerabilities found