Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.08%
Published
2024-01-24
Updated
2024-01-29
Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
7.5
EPSS Score
0.08%
Published
2024-01-24
Updated
2024-01-29
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)
Max CVSS
5.3
EPSS Score
0.05%
Published
2024-01-10
Updated
2024-01-18
Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)
Max CVSS
6.5
EPSS Score
0.10%
Published
2023-12-06
Updated
2024-02-15
Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.09%
Published
2023-10-11
Updated
2024-01-31
Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.15%
Published
2023-10-11
Updated
2024-01-31
Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.13%
Published
2023-10-11
Updated
2024-01-31
Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.13%
Published
2023-10-11
Updated
2024-01-31
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)
Max CVSS
6.1
EPSS Score
0.10%
Published
2023-11-01
Updated
2024-01-31
Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-10-11
Updated
2024-01-31
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-10-11
Updated
2024-01-31
Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Max CVSS
6.3
EPSS Score
0.14%
Published
2023-10-11
Updated
2024-01-31
Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
Max CVSS
6.5
EPSS Score
0.15%
Published
2023-09-05
Updated
2024-01-31
Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-08-15
Updated
2024-01-31
Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
5.3
EPSS Score
0.13%
Published
2023-08-15
Updated
2024-01-31
Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
5.3
EPSS Score
0.12%
Published
2023-08-15
Updated
2024-01-31
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
Max CVSS
6.5
EPSS Score
0.11%
Published
2023-08-15
Updated
2024-01-31
Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High)
Max CVSS
6.8
EPSS Score
0.05%
Published
2023-12-20
Updated
2024-01-04
Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)
Max CVSS
6.3
EPSS Score
0.06%
Published
2023-08-01
Updated
2023-08-15
Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-05-30
Updated
2024-01-31
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-05-30
Updated
2024-01-31
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
7.1
EPSS Score
0.07%
Published
2023-05-03
Updated
2023-10-20
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.17%
Published
2023-05-03
Updated
2023-10-20
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Max CVSS
6.5
EPSS Score
0.09%
Published
2023-07-29
Updated
2023-08-10
Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.09%
Published
2023-07-29
Updated
2023-08-10
1542 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!