Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Source: Chrome
Max CVSS
7.5
EPSS Score
0.08%
Published
2024-01-24
Updated
2024-01-29
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
Source: Chrome
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-05-30
Updated
2024-01-31
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)
Source: Chrome
Max CVSS
7.1
EPSS Score
0.11%
Published
2023-05-03
Updated
2023-10-20
Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source: Chrome
Max CVSS
7.5
EPSS Score
0.23%
Published
2023-04-19
Updated
2023-10-20
Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Source: Chrome
Max CVSS
7.5
EPSS Score
0.21%
Published
2023-02-07
Updated
2023-10-26
Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source: Chrome
Max CVSS
7.5
EPSS Score
1.33%
Published
2023-01-02
Updated
2023-01-09
Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Source: Chrome
Max CVSS
7.4
EPSS Score
0.13%
Published
2022-11-01
Updated
2022-12-09
Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.
Source: Chrome
Max CVSS
7.5
EPSS Score
0.19%
Published
2022-07-26
Updated
2022-09-01
Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
7.5
EPSS Score
0.37%
Published
2022-07-26
Updated
2022-08-30
Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interaction and profile destruction.
Source: Chrome
Max CVSS
7.5
EPSS Score
0.14%
Published
2022-07-23
Updated
2022-09-01
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
7.8
EPSS Score
0.05%
Published
2022-02-12
Updated
2022-02-22
Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
7.5
EPSS Score
0.23%
Published
2021-11-02
Updated
2022-02-18
Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.
Source: Chrome
Max CVSS
7.4
EPSS Score
0.24%
Published
2021-11-02
Updated
2022-02-18
Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.
Source: Chrome
Max CVSS
7.8
EPSS Score
0.09%
Published
2021-10-08
Updated
2022-07-12
Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: Chrome
Max CVSS
7.5
EPSS Score
0.84%
Published
2021-08-26
Updated
2021-11-30
Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.
Source: Chrome
Max CVSS
7.8
EPSS Score
0.10%
Published
2021-08-03
Updated
2022-07-12
Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Source: Chrome
Max CVSS
7.4
EPSS Score
0.45%
Published
2021-04-09
Updated
2021-06-07
Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.
Source: Chrome
Max CVSS
7.8
EPSS Score
0.05%
Published
2021-02-09
Updated
2022-07-12
Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Source: Chrome
Max CVSS
7.4
EPSS Score
0.10%
Published
2022-02-11
Updated
2022-02-18
Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file.
Source: Chrome
Max CVSS
7.5
EPSS Score
0.13%
Published
2021-01-08
Updated
2021-01-12
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
Source: Chrome
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-11-03
Updated
2021-07-21
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
Source: Chrome
Max CVSS
7.8
EPSS Score
0.10%
Published
2020-11-03
Updated
2021-03-11
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents.
Source: Chrome
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-11-03
Updated
2021-03-11
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.
Source: Chrome
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-09-21
Updated
2023-01-31
Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Source: Chrome
Max CVSS
7.6
EPSS Score
0.57%
Published
2020-09-21
Updated
2021-01-27
531 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!