# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
4151 |
CVE-2019-5834 |
20 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
4152 |
CVE-2019-5833 |
264 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page. |
4153 |
CVE-2019-5832 |
284 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
4154 |
CVE-2019-5831 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4155 |
CVE-2019-5830 |
284 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
4156 |
CVE-2019-5829 |
416 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
4157 |
CVE-2019-5828 |
416 |
|
|
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
4158 |
CVE-2019-5827 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4159 |
CVE-2019-5824 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4160 |
CVE-2019-5823 |
601 |
|
Bypass |
2019-06-27 |
2019-07-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
4161 |
CVE-2019-5822 |
284 |
|
Bypass |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
4162 |
CVE-2019-5821 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
4163 |
CVE-2019-5820 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
4164 |
CVE-2019-5819 |
20 |
|
Exec Code |
2019-06-27 |
2019-07-25 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. |
4165 |
CVE-2019-5818 |
200 |
|
+Info |
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. |
4166 |
CVE-2019-5817 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4167 |
CVE-2019-5816 |
664 |
|
|
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. |
4168 |
CVE-2019-5814 |
285 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
4169 |
CVE-2019-5813 |
416 |
|
|
2019-06-27 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4170 |
CVE-2019-5812 |
20 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
4171 |
CVE-2019-5811 |
19 |
|
Bypass |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
4172 |
CVE-2019-5810 |
200 |
|
+Info |
2019-06-27 |
2019-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
4173 |
CVE-2019-5809 |
416 |
|
|
2019-06-27 |
2019-07-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. |
4174 |
CVE-2019-5808 |
416 |
|
|
2019-06-27 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4175 |
CVE-2019-5807 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4176 |
CVE-2019-5806 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4177 |
CVE-2019-5805 |
416 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
4178 |
CVE-2019-5804 |
77 |
|
|
2019-05-23 |
2019-06-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name. |
4179 |
CVE-2019-5803 |
20 |
|
Bypass |
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
4180 |
CVE-2019-5802 |
20 |
|
|
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
4181 |
CVE-2019-5801 |
20 |
|
|
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
4182 |
CVE-2019-5800 |
20 |
|
Bypass |
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
4183 |
CVE-2019-5799 |
20 |
|
Bypass |
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
4184 |
CVE-2019-5798 |
125 |
|
|
2019-05-23 |
2019-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
4185 |
CVE-2019-5796 |
362 |
|
|
2019-05-23 |
2019-06-28 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4186 |
CVE-2019-5795 |
190 |
|
Overflow |
2019-05-23 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. |
4187 |
CVE-2019-5794 |
20 |
|
|
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
4188 |
CVE-2019-5793 |
20 |
|
|
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. |
4189 |
CVE-2019-5792 |
190 |
|
Overflow |
2019-05-23 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. |
4190 |
CVE-2019-5791 |
125 |
|
|
2019-05-23 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
4191 |
CVE-2019-5790 |
190 |
|
Exec Code Overflow |
2019-05-23 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
4192 |
CVE-2019-5786 |
416 |
|
|
2019-06-27 |
2019-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
4193 |
CVE-2019-5785 |
787 |
|
|
2019-06-27 |
2019-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
4194 |
CVE-2019-5784 |
19 |
|
|
2019-06-27 |
2019-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
4195 |
CVE-2019-5782 |
20 |
|
Exec Code |
2019-02-19 |
2019-04-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
4196 |
CVE-2019-5781 |
20 |
|
|
2019-02-19 |
2019-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
4197 |
CVE-2019-5780 |
20 |
|
|
2019-02-19 |
2019-04-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. |
4198 |
CVE-2019-5779 |
264 |
|
Bypass |
2019-02-19 |
2019-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
4199 |
CVE-2019-5778 |
79 |
|
XSS Bypass |
2019-02-19 |
2019-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. |
4200 |
CVE-2019-5777 |
20 |
|
|
2019-02-19 |
2019-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |