Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.
Max CVSS
9.6
EPSS Score
0.49%
Published
2018-11-14
Updated
2019-10-03
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
2.22%
Published
2018-11-14
Updated
2020-08-24
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.
Max CVSS
9.6
EPSS Score
1.39%
Published
2018-12-04
Updated
2019-02-05
A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
9.3
EPSS Score
2.22%
Published
2018-08-28
Updated
2018-11-07
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
Max CVSS
9.8
EPSS Score
11.57%
Published
2018-08-28
Updated
2018-11-07
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
Max CVSS
9.3
EPSS Score
1.68%
Published
2018-01-09
Updated
2018-02-02
6 vulnerabilities found