Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.51%
Published
2019-11-25
Updated
2022-10-14
Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.36%
Published
2019-11-25
Updated
2022-10-14
Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Max CVSS
4.3
EPSS Score
0.19%
Published
2019-11-25
Updated
2022-10-14
Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.
Max CVSS
7.8
EPSS Score
0.05%
Published
2019-11-25
Updated
2022-10-14
Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Max CVSS
4.3
EPSS Score
0.19%
Published
2019-11-25
Updated
2022-10-14
Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Max CVSS
4.3
EPSS Score
0.16%
Published
2019-11-25
Updated
2022-10-14
Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
Max CVSS
4.3
EPSS Score
0.11%
Published
2019-11-25
Updated
2022-01-01
Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Max CVSS
7.8
EPSS Score
0.15%
Published
2019-11-25
Updated
2022-10-14
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.
Max CVSS
5.5
EPSS Score
0.05%
Published
2019-11-25
Updated
2022-01-01
Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Max CVSS
4.3
EPSS Score
0.19%
Published
2019-11-25
Updated
2022-10-14
Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.19%
Published
2019-11-25
Updated
2022-10-14
Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
Max CVSS
4.3
EPSS Score
0.20%
Published
2019-11-25
Updated
2022-10-14
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
5.3
EPSS Score
0.20%
Published
2019-11-25
Updated
2022-01-01
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.22%
Published
2019-11-25
Updated
2022-01-01
Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL.
Max CVSS
6.1
EPSS Score
0.17%
Published
2019-11-25
Updated
2022-10-14
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Max CVSS
4.3
EPSS Score
0.19%
Published
2019-11-25
Updated
2022-10-14
Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Max CVSS
4.3
EPSS Score
0.16%
Published
2019-11-25
Updated
2022-10-14
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
Max CVSS
4.3
EPSS Score
0.19%
Published
2019-11-25
Updated
2022-10-14
Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Max CVSS
4.3
EPSS Score
0.19%
Published
2019-11-25
Updated
2022-10-14
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
Max CVSS
4.3
EPSS Score
0.19%
Published
2019-11-25
Updated
2022-10-14
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!