Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
7.5
EPSS Score
0.08%
Published
2024-01-24
Updated
2024-01-29
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-05-30
Updated
2024-01-31
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
7.1
EPSS Score
0.07%
Published
2023-05-03
Updated
2023-10-20
Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max CVSS
7.5
EPSS Score
0.25%
Published
2023-04-19
Updated
2023-10-20
Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Max CVSS
7.5
EPSS Score
0.21%
Published
2023-02-07
Updated
2023-10-26
Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Max CVSS
7.5
EPSS Score
0.16%
Published
2023-01-02
Updated
2023-01-09
Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
7.4
EPSS Score
0.12%
Published
2022-11-01
Updated
2022-12-09
Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.
Max CVSS
7.5
EPSS Score
0.19%
Published
2022-07-26
Updated
2022-09-01
Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
7.5
EPSS Score
0.37%
Published
2022-07-26
Updated
2022-08-30
Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interaction and profile destruction.
Max CVSS
7.5
EPSS Score
0.14%
Published
2022-07-23
Updated
2022-09-01
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
7.8
EPSS Score
0.05%
Published
2022-02-12
Updated
2022-02-22
Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
7.5
EPSS Score
0.22%
Published
2021-11-02
Updated
2022-02-18
Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.
Max CVSS
7.4
EPSS Score
0.23%
Published
2021-11-02
Updated
2022-02-18
Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.
Max CVSS
7.8
EPSS Score
0.09%
Published
2021-10-08
Updated
2022-07-12
Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
7.5
EPSS Score
1.05%
Published
2021-08-26
Updated
2021-11-30
Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.
Max CVSS
7.8
EPSS Score
0.10%
Published
2021-08-03
Updated
2022-07-12
Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
7.4
EPSS Score
0.45%
Published
2021-04-09
Updated
2021-06-07
Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.
Max CVSS
7.8
EPSS Score
0.05%
Published
2021-02-09
Updated
2022-07-12
Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Max CVSS
7.4
EPSS Score
0.10%
Published
2022-02-11
Updated
2022-02-18
Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file.
Max CVSS
7.5
EPSS Score
0.13%
Published
2021-01-08
Updated
2021-01-12
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-11-03
Updated
2021-07-21
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
Max CVSS
7.8
EPSS Score
0.10%
Published
2020-11-03
Updated
2021-03-11
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-11-03
Updated
2021-03-11
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-09-21
Updated
2023-01-31
Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Max CVSS
7.6
EPSS Score
0.57%
Published
2020-09-21
Updated
2021-01-27