Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)
Max CVSS: 5.3
EPSS Score: 0.05%
Published: 2024-01-10
Updated: 2024-01-18
Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS: 5.3
EPSS Score: 0.13%
Published: 2023-08-15
Updated: 2024-01-31
Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS: 5.3
EPSS Score: 0.12%
Published: 2023-08-15
Updated: 2024-01-31
Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS: 5.4
EPSS Score: 0.08%
Published: 2023-07-29
Updated: 2023-08-10
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)
Max CVSS: 5.4
EPSS Score: 0.54%
Published: 2022-09-26
Updated: 2023-11-25
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.
Max CVSS: 5.5
EPSS Score: 0.11%
Published: 2021-11-02
Updated: 2022-02-28
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.
Max CVSS: 5.5
EPSS Score: 0.11%
Published: 2021-11-02
Updated: 2022-02-12
Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.
Max CVSS: 5.8
EPSS Score: 0.51%
Published: 2021-10-08
Updated: 2022-02-18
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Max CVSS: 5.8
EPSS Score: 0.20%
Published: 2021-06-07
Updated: 2021-12-01
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Max CVSS: 5.5
EPSS Score: 0.16%
Published: 2021-04-26
Updated: 2022-07-12
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Max CVSS: 5.5
EPSS Score: 0.16%
Published: 2021-04-26
Updated: 2021-06-01
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Max CVSS: 5.5
EPSS Score: 0.64%
Published: 2021-04-26
Updated: 2022-07-12
Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)
Max CVSS: 5.4
EPSS Score: 0.12%
Published: 2023-01-02
Updated: 2023-01-09
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Max CVSS: 5.5
EPSS Score: 0.49%
Published: 2020-11-03
Updated: 2021-07-21
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
Max CVSS: 5.8
EPSS Score: 0.46%
Published: 2020-03-23
Updated: 2022-10-07
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Max CVSS: 5.8
EPSS Score: 0.37%
Published: 2020-02-11
Updated: 2020-02-17
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Max CVSS: 5.8
EPSS Score: 0.37%
Published: 2020-02-11
Updated: 2020-02-12
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Max CVSS: 5.8
EPSS Score: 0.45%
Published: 2020-02-11
Updated: 2022-04-06
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS: 5.3
EPSS Score: 0.20%
Published: 2019-11-25
Updated: 2022-01-01
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.
Max CVSS: 5.5
EPSS Score: 0.05%
Published: 2019-11-25
Updated: 2022-01-01
Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS: 5.3
EPSS Score: 0.11%
Published: 2019-11-25
Updated: 2021-07-21
Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.
Max CVSS: 5.3
EPSS Score: 0.11%
Published: 2019-11-25
Updated: 2020-08-24
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
Max CVSS: 5.3
EPSS Score: 0.11%
Published: 2019-11-25
Updated: 2020-08-24
Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Max CVSS: 5.5
EPSS Score: 0.07%
Published: 2019-11-25
Updated: 2020-08-24
Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Max CVSS: 5.5
EPSS Score: 0.07%
Published: 2019-11-25
Updated: 2020-08-24