cpe:2.3:a:google:chrome:25.0.1364.16:*:*:*:*:*:*:*
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.
Max CVSS
4.3
EPSS Score
1.69%
Published
2020-09-21
Updated
2021-01-28
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
Max CVSS
6.5
EPSS Score
0.19%
Published
2020-07-22
Updated
2021-07-21
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page.
Max CVSS
4.3
EPSS Score
0.38%
Published
2020-05-21
Updated
2021-01-27
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.57%
Published
2019-12-10
Updated
2023-02-03
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.57%
Published
2019-12-10
Updated
2023-01-30
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
Max CVSS
7.5
EPSS Score
0.19%
Published
2019-09-27
Updated
2022-04-18
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
7.4
EPSS Score
0.11%
Published
2019-11-25
Updated
2019-12-02
Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-06-27
Updated
2019-07-30
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.79%
Published
2018-11-14
Updated
2018-12-19
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.42%
Published
2019-01-09
Updated
2019-01-29
Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.
Max CVSS
6.5
EPSS Score
0.64%
Published
2019-01-09
Updated
2019-01-16
Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
4.3
EPSS Score
0.11%
Published
2019-06-27
Updated
2019-06-28
Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.11%
Published
2019-06-27
Updated
2019-06-28
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
1.03%
Published
2019-01-09
Updated
2019-01-14
Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.11%
Published
2019-06-27
Updated
2019-07-01
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.11%
Published
2019-06-27
Updated
2019-07-01
Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-01-09
Updated
2019-01-29
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
1.03%
Published
2019-01-09
Updated
2019-01-14
Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.09%
Published
2019-06-27
Updated
2019-06-27
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Max CVSS
6.5
EPSS Score
1.03%
Published
2019-01-09
Updated
2019-01-15
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.
Max CVSS
6.5
EPSS Score
1.03%
Published
2019-01-09
Updated
2019-01-30
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.79%
Published
2018-12-04
Updated
2019-03-01
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.79%
Published
2018-12-04
Updated
2019-03-01
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
1.03%
Published
2019-01-09
Updated
2019-01-29
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
Max CVSS
4.7
EPSS Score
0.72%
Published
2018-11-14
Updated
2018-12-27
68 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!