cpe:2.3:a:google:chrome:25.0.1364.39:*:*:*:*:*:*:*
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-05-30
Updated
2024-01-31
Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.
Max CVSS
8.8
EPSS Score
0.13%
Published
2022-04-05
Updated
2022-10-27
Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.
Max CVSS
7.8
EPSS Score
0.09%
Published
2021-10-08
Updated
2022-07-12
Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.
Max CVSS
7.8
EPSS Score
0.09%
Published
2021-08-03
Updated
2022-07-12
Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Max CVSS
6.5
EPSS Score
2.17%
Published
2021-03-09
Updated
2021-12-03
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.
Max CVSS
6.5
EPSS Score
0.17%
Published
2021-02-09
Updated
2021-03-04
Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.
Max CVSS
7.8
EPSS Score
0.05%
Published
2021-02-09
Updated
2022-07-12
Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file.
Max CVSS
7.5
EPSS Score
0.13%
Published
2021-01-08
Updated
2021-01-12
Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-09-21
Updated
2023-01-31
Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-05-21
Updated
2022-04-26
Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.
Max CVSS
7.8
EPSS Score
0.05%
Published
2019-11-25
Updated
2022-10-14
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Max CVSS
9.6
EPSS Score
0.08%
Published
2023-08-25
Updated
2023-08-31
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.79%
Published
2019-06-27
Updated
2022-10-11
Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
Max CVSS
5.8
EPSS Score
0.07%
Published
2019-06-27
Updated
2019-07-01
Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.09%
Published
2019-06-27
Updated
2019-07-03
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.09%
Published
2019-06-27
Updated
2019-07-01
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.09%
Published
2019-06-27
Updated
2019-07-01
Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension.
Max CVSS
7.8
EPSS Score
0.05%
Published
2019-06-27
Updated
2019-06-28
Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.13%
Published
2019-06-27
Updated
2019-07-01
An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-01-09
Updated
2019-10-03
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.50%
Published
2017-01-19
Updated
2018-01-05
The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.90%
Published
2017-01-19
Updated
2018-01-05
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
Max CVSS
6.5
EPSS Score
0.50%
Published
2016-12-18
Updated
2018-01-05
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
Max CVSS
6.5
EPSS Score
0.53%
Published
2016-12-18
Updated
2018-01-05
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.25%
Published
2016-09-29
Updated
2018-01-05
52 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!