Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
Max CVSS
8.8
EPSS Score
1.72%
Published
2018-09-25
Updated
2018-11-15
Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.
Max CVSS
6.5
EPSS Score
1.33%
Published
2018-09-25
Updated
2018-11-15
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
Max CVSS
6.5
EPSS Score
1.33%
Published
2018-09-25
Updated
2018-11-15
Lack of support for a non-standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.
Max CVSS
4.3
EPSS Score
0.93%
Published
2018-09-25
Updated
2018-11-20
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.
Max CVSS
4.3
EPSS Score
0.08%
Published
2018-09-25
Updated
2018-11-20
Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.66%
Published
2018-11-14
Updated
2018-12-19
Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.
Max CVSS
6.5
EPSS Score
1.82%
Published
2018-11-14
Updated
2018-12-19
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.66%
Published
2018-11-14
Updated
2018-12-21
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.45%
Published
2018-11-14
Updated
2018-12-26
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
Max CVSS
4.7
EPSS Score
0.72%
Published
2018-11-14
Updated
2018-12-27
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.79%
Published
2018-12-04
Updated
2019-03-01
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.79%
Published
2018-12-04
Updated
2019-03-01
A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.
Max CVSS
5.8
EPSS Score
0.12%
Published
2018-05-04
Updated
2019-10-03
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross-origin URLs via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.79%
Published
2018-11-14
Updated
2018-12-19
14 vulnerabilities found