Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Source: Chrome
Max CVSS
6.5
EPSS Score
0.25%
Published
2021-12-23
Updated
2022-02-18
Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Source: Chrome
Max CVSS
6.5
EPSS Score
0.24%
Published
2021-12-23
Updated
2022-02-18
Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Source: Chrome
Max CVSS
4.3
EPSS Score
0.33%
Published
2021-12-23
Updated
2022-07-12
Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Source: Chrome
Max CVSS
6.5
EPSS Score
0.34%
Published
2021-12-23
Updated
2022-07-12
Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Source: Chrome
Max CVSS
6.5
EPSS Score
0.18%
Published
2021-12-23
Updated
2022-02-18
Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Source: Chrome
Max CVSS
8.8
EPSS Score
0.38%
Published
2021-12-23
Updated
2022-02-18
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Source: Chrome
Max CVSS
8.8
EPSS Score
0.38%
Published
2021-12-23
Updated
2022-02-18
Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
Source: Chrome
Max CVSS
8.8
EPSS Score
0.16%
Published
2021-12-23
Updated
2022-02-18
Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
8.8
EPSS Score
0.38%
Published
2021-12-23
Updated
2022-02-19
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
Source: Chrome
Max CVSS
9.6
EPSS Score
0.53%
Published
2021-12-23
Updated
2022-02-19
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
8.8
EPSS Score
0.38%
Published
2021-12-23
Updated
2022-02-19
Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
8.8
EPSS Score
0.54%
Published
2021-12-23
Updated
2022-02-28
Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Source: Chrome
Max CVSS
6.5
EPSS Score
0.24%
Published
2021-12-23
Updated
2022-02-11
Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Source: Chrome
Max CVSS
6.5
EPSS Score
0.34%
Published
2021-12-23
Updated
2022-02-28
Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
8.8
EPSS Score
0.78%
Published
2021-12-23
Updated
2022-02-28
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
8.8
EPSS Score
0.38%
Published
2021-12-23
Updated
2022-02-28
Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
8.8
EPSS Score
0.54%
Published
2021-12-23
Updated
2022-02-28
Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
8.8
EPSS Score
0.54%
Published
2021-12-23
Updated
2022-02-28
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Source: Chrome
Max CVSS
4.3
EPSS Score
0.18%
Published
2021-11-23
Updated
2022-02-18

CVE-2021-38003

Known exploited
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
8.8
EPSS Score
2.47%
Published
2021-11-23
Updated
2022-02-18
CISA KEV Added
2021-11-03
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Source: Chrome
Max CVSS
9.6
EPSS Score
0.22%
Published
2021-11-23
Updated
2022-02-28
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
8.8
EPSS Score
0.52%
Published
2021-11-23
Updated
2022-02-28

CVE-2021-38000

Known exploited
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.
Source: Chrome
Max CVSS
6.1
EPSS Score
0.40%
Published
2021-11-23
Updated
2024-02-15
CISA KEV Added
2021-11-03
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
Source: Chrome
Max CVSS
6.1
EPSS Score
0.18%
Published
2021-11-23
Updated
2022-02-28
Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
8.8
EPSS Score
0.48%
Published
2021-11-23
Updated
2022-02-28
353 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!