| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
4151 |
CVE-2019-5834 |
20 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
|
4152 |
CVE-2019-5833 |
264 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page. |
|
4153 |
CVE-2019-5832 |
284 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
|
4154 |
CVE-2019-5831 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
4155 |
CVE-2019-5830 |
284 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
|
4156 |
CVE-2019-5829 |
416 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
|
4157 |
CVE-2019-5828 |
416 |
|
|
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
|
4158 |
CVE-2019-5827 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
4159 |
CVE-2019-5824 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
4160 |
CVE-2019-5823 |
601 |
|
Bypass |
2019-06-27 |
2019-07-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
|
4161 |
CVE-2019-5822 |
284 |
|
Bypass |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
|
4162 |
CVE-2019-5821 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
|
4163 |
CVE-2019-5820 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
|
4164 |
CVE-2019-5819 |
20 |
|
Exec Code |
2019-06-27 |
2019-07-25 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. |
|
4165 |
CVE-2019-5818 |
200 |
|
+Info |
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. |
|
4166 |
CVE-2019-5817 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
4167 |
CVE-2019-5816 |
664 |
|
|
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. |
|
4168 |
CVE-2019-5814 |
285 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
|
4169 |
CVE-2019-5813 |
416 |
|
|
2019-06-27 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
4170 |
CVE-2019-5812 |
20 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
|
4171 |
CVE-2019-5811 |
19 |
|
Bypass |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
|
4172 |
CVE-2019-5810 |
200 |
|
+Info |
2019-06-27 |
2019-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
|
4173 |
CVE-2019-5809 |
416 |
|
|
2019-06-27 |
2019-07-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. |
|
4174 |
CVE-2019-5808 |
416 |
|
|
2019-06-27 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
4175 |
CVE-2019-5807 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
4176 |
CVE-2019-5806 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
4177 |
CVE-2019-5805 |
416 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
|
4178 |
CVE-2019-5804 |
77 |
|
|
2019-05-23 |
2019-06-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name. |
|
4179 |
CVE-2019-5803 |
20 |
|
Bypass |
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
|
4180 |
CVE-2019-5802 |
20 |
|
|
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
|
4181 |
CVE-2019-5801 |
20 |
|
|
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
|
4182 |
CVE-2019-5800 |
20 |
|
Bypass |
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
|
4183 |
CVE-2019-5799 |
20 |
|
Bypass |
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
|
4184 |
CVE-2019-5798 |
125 |
|
|
2019-05-23 |
2019-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
|
4185 |
CVE-2019-5796 |
362 |
|
|
2019-05-23 |
2019-06-28 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
4186 |
CVE-2019-5795 |
190 |
|
Overflow |
2019-05-23 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. |
|
4187 |
CVE-2019-5794 |
20 |
|
|
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
|
4188 |
CVE-2019-5793 |
20 |
|
|
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. |
|
4189 |
CVE-2019-5792 |
190 |
|
Overflow |
2019-05-23 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. |
|
4190 |
CVE-2019-5791 |
125 |
|
|
2019-05-23 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
|
4191 |
CVE-2019-5790 |
190 |
|
Exec Code Overflow |
2019-05-23 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
|
4192 |
CVE-2019-5786 |
416 |
|
|
2019-06-27 |
2019-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
|
4193 |
CVE-2019-5785 |
787 |
|
|
2019-06-27 |
2019-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
|
4194 |
CVE-2019-5784 |
19 |
|
|
2019-06-27 |
2019-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
4195 |
CVE-2019-5782 |
20 |
|
Exec Code |
2019-02-19 |
2019-04-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
|
4196 |
CVE-2019-5781 |
20 |
|
|
2019-02-19 |
2019-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
|
4197 |
CVE-2019-5780 |
20 |
|
|
2019-02-19 |
2019-04-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. |
|
4198 |
CVE-2019-5779 |
264 |
|
Bypass |
2019-02-19 |
2019-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
|
4199 |
CVE-2019-5778 |
79 |
|
XSS Bypass |
2019-02-19 |
2019-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. |
|
4200 |
CVE-2019-5777 |
20 |
|
|
2019-02-19 |
2019-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
