XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
Max CVSS
6.1
EPSS Score
0.29%
Published
2018-11-14
Updated
2018-12-14
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.
Max CVSS
6.1
EPSS Score
0.40%
Published
2018-11-14
Updated
2018-12-19
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
Max CVSS
6.1
EPSS Score
0.32%
Published
2018-11-14
Updated
2019-10-03
3 vulnerabilities found