cpe:2.3:a:google:chrome:25.0.1364.112:*:*:*:*:*:*:*
Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc.
Max CVSS
8.1
EPSS Score
0.33%
Published
2016-05-14
Updated
2016-12-01
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.
Max CVSS
7.5
EPSS Score
0.35%
Published
2014-03-16
Updated
2022-11-10
Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\?\ protection mechanism.
Max CVSS
7.5
EPSS Score
0.19%
Published
2014-02-24
Updated
2014-02-24
The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name.
Max CVSS
7.5
EPSS Score
1.10%
Published
2013-08-21
Updated
2017-09-19
Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases.
Max CVSS
7.5
EPSS Score
0.33%
Published
2013-03-05
Updated
2017-09-19
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!