Google » Chrome » 25.0.1364.120 : Security Vulnerabilities, CVEs, (Information Leak) CVSS score >= 8
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
Max CVSS
8.8
EPSS Score
1.88%
Published
2018-09-25
Updated
2018-11-15
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.
Max CVSS
8.8
EPSS Score
1.68%
Published
2016-07-23
Updated
2017-09-01
fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document.
Max CVSS
8.1
EPSS Score
3.43%
Published
2016-04-18
Updated
2018-10-30
3 vulnerabilities found