XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
Max CVSS
6.1
EPSS Score
0.29%
Published
2018-11-14
Updated
2018-12-14
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.
Max CVSS
6.1
EPSS Score
0.40%
Published
2018-11-14
Updated
2018-12-19
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
Max CVSS
6.1
EPSS Score
0.32%
Published
2018-11-14
Updated
2019-10-03
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Max CVSS
6.1
EPSS Score
0.25%
Published
2018-08-28
Updated
2018-11-07
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.
Max CVSS
6.1
EPSS Score
0.29%
Published
2018-08-28
Updated
2018-11-02
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
Max CVSS
6.1
EPSS Score
0.87%
Published
2018-02-07
Updated
2018-02-23
6 vulnerabilities found