Google: Security Vulnerabilities, CVEs (XSS), CVSS score >= 4
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)
Max CVSS: 6.1 | EPSS Score: 0.10% | Published: 2023-11-01 | Updated: 2024-01-31
Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension.
Max CVSS: 6.1 | EPSS Score: 0.04% | Published: 2023-08-21 | Updated: 2023-08-25
Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.
Max CVSS: 6.1 | EPSS Score: 0.15% | Published: 2022-07-26 | Updated: 2022-09-01
Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.
Max CVSS: 6.1 | EPSS Score: 0.16% | Published: 2022-07-26 | Updated: 2022-09-01
Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2023-01-02 | Updated: 2023-01-09
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
Max CVSS: 6.1 | EPSS Score: 0.18% | Published: 2021-11-23 | Updated: 2022-02-28
Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Max CVSS: 6.1 | EPSS Score: 0.12% | Published: 2021-01-14 | Updated: 2021-01-19
Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Max CVSS: 6.1 | EPSS Score: 0.10% | Published: 2021-01-08 | Updated: 2021-01-11
Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS: 6.5 | EPSS Score: 3.00% | Published: 2020-09-21 | Updated: 2021-07-21
Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Max CVSS: 6.5 | EPSS Score: 3.01% | Published: 2020-09-21 | Updated: 2022-04-28
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page.
Max CVSS: 6.1 | EPSS Score: 0.24% | Published: 2020-07-22 | Updated: 2021-07-21
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents.
Max CVSS: 6.1 | EPSS Score: 0.66% | Published: 2020-05-21 | Updated: 2021-01-28
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
Max CVSS: 4.3 | EPSS Score: 0.37% | Published: 2020-02-11 | Updated: 2022-04-06
Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.
Max CVSS: 4.3 | EPSS Score: 0.27% | Published: 2020-02-11 | Updated: 2022-04-11
Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.
Max CVSS: 8.8 | EPSS Score: 0.30% | Published: 2019-12-10 | Updated: 2023-01-30
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.
Max CVSS: 6.5 | EPSS Score: 0.51% | Published: 2019-02-19 | Updated: 2019-04-18
Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker-controlled files via a crafted HTML page.
Max CVSS: 6.1 | EPSS Score: 0.10% | Published: 2019-01-09 | Updated: 2019-01-30
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.
Max CVSS: 6.1 | EPSS Score: 0.42% | Published: 2019-01-09 | Updated: 2019-01-29
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Max CVSS: 6.1 | EPSS Score: 0.09% | Published: 2019-06-27 | Updated: 2019-07-02
Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Max CVSS: 6.1 | EPSS Score: 0.10% | Published: 2019-06-27 | Updated: 2019-07-01
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
Max CVSS: 6.1 | EPSS Score: 0.29% | Published: 2018-11-14 | Updated: 2018-12-14
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.
Max CVSS: 6.1 | EPSS Score: 0.40% | Published: 2018-11-14 | Updated: 2018-12-19
Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
Max CVSS: 6.1 | EPSS Score: 0.32% | Published: 2018-11-14 | Updated: 2019-10-03
XSS Auditor in Google Chrome prior to 64.0.3282.119 did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.
Max CVSS: 4.3 | EPSS Score: 0.57% | Published: 2018-09-25 | Updated: 2018-11-15
Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2018-12-17 | Updated: 2019-01-07