CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome » 4.0.240.0 : Security Vulnerabilities (Bypass)

Cpe Name:cpe:/a:google:chrome:4.0.240.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-5803 20 Bypass 2019-05-23 2019-05-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
2 CVE-2019-5800 20 Bypass 2019-05-23 2019-05-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
3 CVE-2019-5799 20 Bypass 2019-05-23 2019-05-24
4.3
None Remote Medium Not required None Partial None
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
4 CVE-2019-5779 264 Bypass 2019-02-19 2019-04-18
4.3
None Remote Medium Not required Partial None None
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
5 CVE-2019-5778 79 XSS Bypass 2019-02-19 2019-04-18
4.3
None Remote Medium Not required None Partial None
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.
6 CVE-2019-5773 20 Bypass 2019-02-19 2019-04-18
4.3
None Remote Medium Not required None Partial None
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
7 CVE-2018-18352 264 Bypass 2018-12-11 2018-12-20
4.3
None Remote Medium Not required Partial None None
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.
8 CVE-2018-18351 20 Bypass 2018-12-11 2018-12-26
4.3
None Remote Medium Not required Partial None None
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.
9 CVE-2018-18350 19 Bypass 2018-12-11 2018-12-26
4.3
None Remote Medium Not required None Partial None
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.
10 CVE-2018-18345 254 Bypass 2018-12-11 2018-12-29
4.3
None Remote Medium Not required Partial None None
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.
11 CVE-2018-16072 284 Bypass 2019-01-09 2019-01-18
4.3
None Remote Medium Not required Partial None None
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
12 CVE-2018-6115 20 Bypass 2018-12-04 2019-01-09
4.3
None Remote Medium Not required None Partial None
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.
13 CVE-2018-6114 20 Bypass 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
14 CVE-2018-6103 20 Bypass 2018-12-04 2019-01-09
4.3
None Remote Medium Not required None Partial None
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.
15 CVE-2018-6074 20 Bypass 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
16 CVE-2018-6070 254 Bypass 2018-11-14 2018-12-19
4.3
None Remote Medium Not required None Partial None
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
17 CVE-2018-6057 254 Bypass 2018-11-14 2018-12-26
6.8
None Remote Medium Not required Partial Partial Partial
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
18 CVE-2018-6040 254 Bypass 2018-09-25 2018-11-21
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.
19 CVE-2017-15430 264 Bypass 2018-08-28 2018-11-02
4.3
None Remote Medium Not required Partial None None
Unsafe navigation in Chromecast in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
20 CVE-2017-5118 254 Bypass 2017-10-27 2017-12-30
4.3
None Remote Medium Not required None Partial None
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
21 CVE-2012-1846 264 Bypass 2012-03-22 2018-01-09
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."
22 CVE-2012-1845 399 Exec Code Bypass 2012-03-22 2018-01-09
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."
23 CVE-2011-3956 264 Bypass 2012-02-08 2017-09-18
5.0
None Remote Low Not required None Partial None
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.
24 CVE-2011-3887 264 Bypass 2011-10-25 2018-01-05
5.0
None Remote Low Not required Partial None None
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.
25 CVE-2011-3881 XSS Bypass 2011-10-25 2018-01-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function.
26 CVE-2011-3080 362 Bypass 2012-05-01 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors.
27 CVE-2011-3072 264 Bypass 2012-04-05 2017-12-06
5.0
None Remote Low Not required None Partial None
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.
28 CVE-2011-3067 264 Bypass 2012-04-05 2017-12-06
5.0
None Remote Low Not required None Partial None
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
29 CVE-2011-3056 20 Bypass 2012-03-22 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
30 CVE-2011-3054 264 Bypass 2012-03-22 2018-01-09
5.0
None Remote Low Not required None Partial None
The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
31 CVE-2011-2878 264 Bypass 2011-10-04 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
32 CVE-2011-2856 264 Bypass 2011-09-19 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
33 CVE-2011-2826 264 Bypass 2011-08-29 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins.
34 CVE-2011-2819 264 Bypass 2011-08-02 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI.
35 CVE-2011-2805 264 Bypass 2011-08-02 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors.
36 CVE-2011-2795 264 Bypass 2011-08-02 2017-09-18
5.8
None Remote Medium Not required Partial Partial None
Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a "cross-frame function leak."
37 CVE-2011-2782 264 Bypass 2011-08-02 2017-09-18
4.3
None Remote Medium Not required None Partial None
The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
38 CVE-2011-2360 264 Bypass 2011-08-02 2017-09-18
5.0
None Remote Low Not required None Partial None
Google Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site.
39 CVE-2011-2342 264 Bypass 2011-06-09 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
40 CVE-2011-2332 264 Bypass 2011-06-09 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 12.0.742.91, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
41 CVE-2011-1812 264 Bypass 2011-06-09 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 12.0.742.91 allows remote attackers to bypass intended access restrictions via vectors related to extensions.
42 CVE-2011-1801 Bypass 2011-05-26 2017-09-18
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors.
43 CVE-2011-1438 264 Bypass 2011-05-03 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 11.0.696.57 allows remote attackers to bypass the Same Origin Policy via vectors involving blobs.
44 CVE-2011-1304 Bypass 2011-05-03 2017-09-18
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to bypass the pop-up blocker via vectors related to plug-ins.
45 CVE-2011-1194 Bypass 2011-03-10 2017-09-18
5.0
None Remote Low Not required None Partial None
Multiple unspecified vulnerabilities in Google Chrome before 10.0.648.127 allow remote attackers to bypass the pop-up blocker via unknown vectors.
46 CVE-2011-1193 264 Bypass 2011-03-10 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 10.0.648.127, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
47 CVE-2011-1190 264 Bypass 2011-03-10 2017-09-18
5.0
None Remote Low Not required Partial None None
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
48 CVE-2011-1187 264 Bypass 2011-03-10 2017-09-18
5.0
None Remote Low Not required Partial None None
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
49 CVE-2010-4574 189 DoS Bypass 2010-12-21 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data.
50 CVE-2010-4041 264 Bypass 2010-10-21 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
Total number of vulnerabilities : 55   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.