Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-05-30
Updated
2024-01-31
Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.
Max CVSS
8.8
EPSS Score
0.13%
Published
2022-04-05
Updated
2022-10-27
Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.
Max CVSS
7.8
EPSS Score
0.09%
Published
2021-10-08
Updated
2022-07-12
Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.
Max CVSS
7.8
EPSS Score
0.10%
Published
2021-08-03
Updated
2022-07-12
Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Max CVSS
6.5
EPSS Score
2.17%
Published
2021-03-09
Updated
2021-12-03
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.
Max CVSS
6.5
EPSS Score
0.17%
Published
2021-02-09
Updated
2021-03-04
Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.
Max CVSS
7.8
EPSS Score
0.05%
Published
2021-02-09
Updated
2022-07-12
Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file.
Max CVSS
7.5
EPSS Score
0.13%
Published
2021-01-08
Updated
2021-01-12
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-09-21
Updated
2023-01-31
Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-05-21
Updated
2022-04-26
Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.
Max CVSS
7.8
EPSS Score
0.05%
Published
2019-11-25
Updated
2022-10-14
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
0.08%
Published
2023-08-25
Updated
2023-08-31
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.79%
Published
2019-06-27
Updated
2022-10-11
Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
Max CVSS
5.8
EPSS Score
0.07%
Published
2019-06-27
Updated
2019-07-01
Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.09%
Published
2019-06-27
Updated
2019-07-03
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.09%
Published
2019-06-27
Updated
2019-07-01
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.09%
Published
2019-06-27
Updated
2019-07-01
Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension.
Max CVSS
7.8
EPSS Score
0.05%
Published
2019-06-27
Updated
2019-06-28
Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.13%
Published
2019-06-27
Updated
2019-07-01
An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-01-09
Updated
2019-10-03
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.50%
Published
2017-01-19
Updated
2018-01-05
The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.90%
Published
2017-01-19
Updated
2018-01-05
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
Max CVSS
6.5
EPSS Score
0.50%
Published
2016-12-18
Updated
2018-01-05
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
Max CVSS
6.5
EPSS Score
0.53%
Published
2016-12-18
Updated
2018-01-05
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.25%
Published
2016-09-29
Updated
2018-01-05