Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)
Max CVSS
5.3
EPSS Score
0.05%
Published
2024-01-10
Updated
2024-01-18
Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
5.3
EPSS Score
0.13%
Published
2023-08-15
Updated
2024-01-31
Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
5.3
EPSS Score
0.12%
Published
2023-08-15
Updated
2024-01-31
Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
5.4
EPSS Score
0.08%
Published
2023-07-29
Updated
2023-08-10
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)
Max CVSS
5.4
EPSS Score
0.40%
Published
2022-09-26
Updated
2023-11-25
Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.
Max CVSS
5.5
EPSS Score
0.11%
Published
2021-11-02
Updated
2022-02-28
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.
Max CVSS
5.5
EPSS Score
0.11%
Published
2021-11-02
Updated
2022-02-12
Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.
Max CVSS
5.8
EPSS Score
0.49%
Published
2021-10-08
Updated
2022-02-18
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Max CVSS
5.8
EPSS Score
0.20%
Published
2021-06-07
Updated
2021-12-01
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Max CVSS
5.5
EPSS Score
0.16%
Published
2021-04-26
Updated
2022-07-12
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Max CVSS
5.5
EPSS Score
0.16%
Published
2021-04-26
Updated
2021-06-01
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Max CVSS
5.5
EPSS Score
0.64%
Published
2021-04-26
Updated
2022-07-12
Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)
Max CVSS
5.4
EPSS Score
0.12%
Published
2023-01-02
Updated
2023-01-09
Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
Max CVSS
5.5
EPSS Score
0.49%
Published
2020-11-03
Updated
2021-07-21
Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.
Max CVSS
5.8
EPSS Score
0.46%
Published
2020-03-23
Updated
2022-10-07
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Max CVSS
5.8
EPSS Score
0.37%
Published
2020-02-11
Updated
2020-02-17
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Max CVSS
5.8
EPSS Score
0.37%
Published
2020-02-11
Updated
2020-02-12
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Max CVSS
5.8
EPSS Score
0.45%
Published
2020-02-11
Updated
2022-04-06
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
5.3
EPSS Score
0.20%
Published
2019-11-25
Updated
2022-01-01
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.
Max CVSS
5.5
EPSS Score
0.05%
Published
2019-11-25
Updated
2022-01-01
Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
5.3
EPSS Score
0.11%
Published
2019-11-25
Updated
2021-07-21
Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.
Max CVSS
5.3
EPSS Score
0.11%
Published
2019-11-25
Updated
2020-08-24
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
Max CVSS
5.3
EPSS Score
0.11%
Published
2019-11-25
Updated
2020-08-24
Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Max CVSS
5.5
EPSS Score
0.07%
Published
2019-11-25
Updated
2020-08-24
Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Max CVSS
5.5
EPSS Score
0.07%
Published
2019-11-25
Updated
2020-08-24
254 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!