CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome : Security Vulnerabilities (Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-5840 264 Bypass 2019-06-27 2019-06-28
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
2 CVE-2019-5839 20 Bypass 2019-06-27 2019-07-25
4.3
None Remote Medium Not required None Partial None
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.
3 CVE-2019-5838 20 Bypass 2019-06-27 2019-07-25
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
4 CVE-2019-5823 601 Bypass 2019-06-27 2019-07-25
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
5 CVE-2019-5822 284 Bypass 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
6 CVE-2019-5811 19 Bypass 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
7 CVE-2019-5803 20 Bypass 2019-05-23 2019-06-28
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
8 CVE-2019-5800 20 Bypass 2019-05-23 2019-06-28
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
9 CVE-2019-5799 20 Bypass 2019-05-23 2019-06-28
4.3
None Remote Medium Not required None Partial None
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
10 CVE-2019-5779 264 Bypass 2019-02-19 2019-04-18
4.3
None Remote Medium Not required Partial None None
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
11 CVE-2019-5778 79 XSS Bypass 2019-02-19 2019-04-18
4.3
None Remote Medium Not required None Partial None
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.
12 CVE-2019-5773 20 Bypass 2019-02-19 2019-04-18
4.3
None Remote Medium Not required None Partial None
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
13 CVE-2018-18352 732 Bypass 2018-12-11 2019-10-02
4.3
None Remote Medium Not required Partial None None
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.
14 CVE-2018-18351 20 Bypass 2018-12-11 2019-08-17
4.3
None Remote Medium Not required Partial None None
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.
15 CVE-2018-18350 Bypass 2018-12-11 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.
16 CVE-2018-18345 Bypass 2018-12-11 2019-10-02
4.3
None Remote Medium Not required Partial None None
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.
17 CVE-2018-16086 285 Bypass 2019-06-27 2019-07-01
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
18 CVE-2018-16077 285 Bypass 2019-06-27 2019-07-03
4.3
None Remote Medium Not required None Partial None
Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page.
19 CVE-2018-16074 285 Bypass 2019-06-27 2019-07-01
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
20 CVE-2018-16073 285 Bypass 2019-06-27 2019-07-01
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
21 CVE-2018-16072 346 Bypass 2019-01-09 2019-10-02
4.3
None Remote Medium Not required Partial None None
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
22 CVE-2018-16064 20 Bypass 2019-06-27 2019-06-28
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
23 CVE-2018-6161 20 Bypass 2019-06-27 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
24 CVE-2018-6148 93 Bypass 2019-06-27 2019-07-02
4.3
None Remote Medium Not required None Partial None
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
25 CVE-2018-6145 79 XSS Bypass 2019-06-27 2019-07-02
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
26 CVE-2018-6138 20 Bypass 2019-06-27 2019-06-28
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
27 CVE-2018-6134 200 Bypass +Info 2019-06-27 2019-06-27
4.3
None Remote Medium Not required Partial None None
Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page.
28 CVE-2018-6115 20 Bypass 2018-12-04 2019-01-09
4.3
None Remote Medium Not required None Partial None
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.
29 CVE-2018-6114 20 Bypass 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
30 CVE-2018-6112 706 Bypass 2019-01-09 2019-10-02
4.3
None Remote Medium Not required Partial None None
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
31 CVE-2018-6103 20 Bypass 2018-12-04 2019-01-09
4.3
None Remote Medium Not required None Partial None
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.
32 CVE-2018-6074 20 Bypass 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
33 CVE-2018-6070 79 XSS Bypass 2018-11-14 2019-10-02
4.3
None Remote Medium Not required None Partial None
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
34 CVE-2018-6057 732 Bypass 2018-11-14 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
35 CVE-2018-6040 732 Bypass 2018-09-25 2019-10-02
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.
36 CVE-2017-5118 732 Bypass 2017-10-27 2019-10-02
4.3
None Remote Medium Not required None Partial None
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
37 CVE-2017-5033 281 Bypass 2017-04-24 2019-10-02
4.3
None Remote Medium Not required None Partial None
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword.
38 CVE-2017-5027 Bypass 2017-02-17 2019-10-02
4.3
None Remote Medium Not required None Partial None
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
39 CVE-2017-5022 Bypass 2017-02-17 2019-10-02
4.3
None Remote Medium Not required None Partial None
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
40 CVE-2016-9650 19 Bypass 2017-01-19 2018-01-04
4.3
None Remote Medium Not required None Partial None
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page.
41 CVE-2016-5225 19 Bypass 2017-01-19 2018-01-04
4.3
None Remote Medium Not required None Partial None
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.
42 CVE-2016-5224 189 Bypass 2017-01-19 2018-01-04
4.3
None Remote Medium Not required None Partial None
A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
43 CVE-2016-5221 190 Bypass 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page.
44 CVE-2016-5217 284 Bypass 2017-01-19 2018-01-04
4.3
None Remote Medium Not required None Partial None
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.
45 CVE-2016-5206 284 Bypass 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
46 CVE-2016-5193 20 Bypass 2016-12-17 2018-01-04
4.3
None Remote Medium Not required Partial None None
Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.
47 CVE-2016-5192 284 Bypass 2016-12-17 2018-01-04
4.3
None Remote Medium Not required None Partial None
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
48 CVE-2016-5176 284 Bypass 2016-09-29 2018-01-04
4.3
None Remote Medium Not required None Partial None
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
49 CVE-2016-5173 284 Bypass 2016-09-25 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
50 CVE-2016-5168 346 Bypass +Info 2017-04-21 2017-04-27
5.0
None Remote Low Not required Partial None None
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.
Total number of vulnerabilities : 189   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.