cpe:2.3:a:google:chrome:25.0.1364.26:*:*:*:*:*:*:*
Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.
Max CVSS
8.8
EPSS Score
0.13%
Published
2022-04-05
Updated
2022-10-27
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
0.08%
Published
2023-08-25
Updated
2023-08-31
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.79%
Published
2019-06-27
Updated
2022-10-11
Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.13%
Published
2019-06-27
Updated
2019-07-01
The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.90%
Published
2017-01-19
Updated
2018-01-05
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143.
Max CVSS
9.8
EPSS Score
1.38%
Published
2016-08-07
Updated
2017-07-01
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Max CVSS
8.8
EPSS Score
0.94%
Published
2016-07-23
Updated
2017-09-01
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Max CVSS
8.8
EPSS Score
0.94%
Published
2016-07-23
Updated
2017-09-01
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
Max CVSS
8.8
EPSS Score
1.02%
Published
2016-06-05
Updated
2018-10-30
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
Max CVSS
8.8
EPSS Score
1.56%
Published
2016-06-05
Updated
2018-10-30
extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
Max CVSS
8.8
EPSS Score
1.48%
Published
2016-06-05
Updated
2018-10-30
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.
Max CVSS
8.8
EPSS Score
1.60%
Published
2016-06-05
Updated
2018-10-30
The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors.
Max CVSS
8.8
EPSS Score
1.48%
Published
2016-06-05
Updated
2018-10-30
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Max CVSS
8.8
EPSS Score
0.90%
Published
2016-05-14
Updated
2018-10-30
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Max CVSS
8.8
EPSS Score
1.06%
Published
2016-05-14
Updated
2018-10-30
15 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!