Google » Chrome » 25.0.1364.16 : Security Vulnerabilities, CVEs, (Information Leak)
Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.
Max CVSS
4.3
EPSS Score
1.69%
Published
2020-09-21
Updated
2021-01-28
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
Max CVSS
6.5
EPSS Score
0.19%
Published
2020-07-22
Updated
2021-07-21
Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page.
Max CVSS
4.3
EPSS Score
0.38%
Published
2020-05-21
Updated
2021-01-27
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.57%
Published
2019-12-10
Updated
2023-02-03
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.57%
Published
2019-12-10
Updated
2023-01-30
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
Max CVSS
7.5
EPSS Score
0.19%
Published
2019-09-27
Updated
2022-04-18
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
7.4
EPSS Score
0.11%
Published
2019-11-25
Updated
2019-12-02
Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-06-27
Updated
2019-07-30
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.79%
Published
2018-11-14
Updated
2018-12-19
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.42%
Published
2019-01-09
Updated
2019-01-29
Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.
Max CVSS
6.5
EPSS Score
0.64%
Published
2019-01-09
Updated
2019-01-16
Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
4.3
EPSS Score
0.11%
Published
2019-06-27
Updated
2019-06-28
Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.11%
Published
2019-06-27
Updated
2019-06-28
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
1.03%
Published
2019-01-09
Updated
2019-01-14
Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.11%
Published
2019-06-27
Updated
2019-07-01
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.11%
Published
2019-06-27
Updated
2019-07-01
Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-01-09
Updated
2019-01-29
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
1.03%
Published
2019-01-09
Updated
2019-01-14
Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.09%
Published
2019-06-27
Updated
2019-06-27
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Max CVSS
6.5
EPSS Score
1.03%
Published
2019-01-09
Updated
2019-01-15
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.
Max CVSS
6.5
EPSS Score
1.03%
Published
2019-01-09
Updated
2019-01-30
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.79%
Published
2018-12-04
Updated
2019-03-01
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.79%
Published
2018-12-04
Updated
2019-03-01
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
1.03%
Published
2019-01-09
Updated
2019-01-29
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
Max CVSS
4.7
EPSS Score
0.72%
Published
2018-11-14
Updated
2018-12-27