CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome » 6.0.472.47 : Security Vulnerabilities (Bypass)

Cpe Name:cpe:/a:google:chrome:6.0.472.47
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-5840 264 Bypass 2019-06-27 2019-06-28
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
2 CVE-2019-5839 20 Bypass 2019-06-27 2019-07-25
4.3
None Remote Medium Not required None Partial None
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.
3 CVE-2019-5838 20 Bypass 2019-06-27 2019-07-25
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
4 CVE-2019-5823 601 Bypass 2019-06-27 2019-07-25
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
5 CVE-2019-5822 284 Bypass 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
6 CVE-2019-5811 19 Bypass 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
7 CVE-2019-5803 20 Bypass 2019-05-23 2019-06-28
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
8 CVE-2019-5800 20 Bypass 2019-05-23 2019-06-28
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
9 CVE-2019-5799 20 Bypass 2019-05-23 2019-06-28
4.3
None Remote Medium Not required None Partial None
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
10 CVE-2019-5779 264 Bypass 2019-02-19 2019-04-18
4.3
None Remote Medium Not required Partial None None
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
11 CVE-2019-5778 79 XSS Bypass 2019-02-19 2019-04-18
4.3
None Remote Medium Not required None Partial None
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.
12 CVE-2019-5773 20 Bypass 2019-02-19 2019-04-18
4.3
None Remote Medium Not required None Partial None
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
13 CVE-2018-18352 732 Bypass 2018-12-11 2019-10-02
4.3
None Remote Medium Not required Partial None None
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.
14 CVE-2018-18351 20 Bypass 2018-12-11 2019-08-17
4.3
None Remote Medium Not required Partial None None
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.
15 CVE-2018-18350 Bypass 2018-12-11 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.
16 CVE-2018-18345 Bypass 2018-12-11 2019-10-02
4.3
None Remote Medium Not required Partial None None
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.
17 CVE-2018-16086 285 Bypass 2019-06-27 2019-07-01
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
18 CVE-2018-16077 285 Bypass 2019-06-27 2019-07-03
4.3
None Remote Medium Not required None Partial None
Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page.
19 CVE-2018-16074 285 Bypass 2019-06-27 2019-07-01
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
20 CVE-2018-16073 285 Bypass 2019-06-27 2019-07-01
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
21 CVE-2018-16072 346 Bypass 2019-01-09 2019-10-02
4.3
None Remote Medium Not required Partial None None
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
22 CVE-2018-16064 20 Bypass 2019-06-27 2019-06-28
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
23 CVE-2018-6161 20 Bypass 2019-06-27 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
24 CVE-2018-6148 93 Bypass 2019-06-27 2019-07-02
4.3
None Remote Medium Not required None Partial None
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
25 CVE-2018-6145 79 XSS Bypass 2019-06-27 2019-07-02
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
26 CVE-2018-6138 20 Bypass 2019-06-27 2019-06-28
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
27 CVE-2018-6134 200 Bypass +Info 2019-06-27 2019-06-27
4.3
None Remote Medium Not required Partial None None
Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page.
28 CVE-2018-6115 20 Bypass 2018-12-04 2019-01-09
4.3
None Remote Medium Not required None Partial None
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.
29 CVE-2018-6114 20 Bypass 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
30 CVE-2018-6112 706 Bypass 2019-01-09 2019-10-02
4.3
None Remote Medium Not required Partial None None
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
31 CVE-2018-6103 20 Bypass 2018-12-04 2019-01-09
4.3
None Remote Medium Not required None Partial None
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.
32 CVE-2018-6074 20 Bypass 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
33 CVE-2018-6070 79 XSS Bypass 2018-11-14 2019-10-02
4.3
None Remote Medium Not required None Partial None
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
34 CVE-2018-6057 732 Bypass 2018-11-14 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
35 CVE-2018-6040 732 Bypass 2018-09-25 2019-10-02
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.
36 CVE-2017-5118 732 Bypass 2017-10-27 2019-10-02
4.3
None Remote Medium Not required None Partial None
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
37 CVE-2012-5376 269 Bypass 2012-10-11 2019-09-27
9.3
None Remote Medium Not required Complete Complete Complete
The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112.
38 CVE-2012-1846 264 Bypass 2012-03-22 2018-01-09
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."
39 CVE-2012-1845 399 Exec Code Bypass 2012-03-22 2018-01-09
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."
40 CVE-2011-3956 264 Bypass 2012-02-08 2017-09-18
5.0
None Remote Low Not required None Partial None
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.
41 CVE-2011-3887 264 Bypass 2011-10-25 2018-01-05
5.0
None Remote Low Not required Partial None None
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.
42 CVE-2011-3881 XSS Bypass 2011-10-25 2018-01-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function.
43 CVE-2011-3080 362 Bypass 2012-05-01 2017-12-06
7.5
None Remote Low Not required Partial Partial Partial
Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors.
44 CVE-2011-3072 264 Bypass 2012-04-05 2017-12-06
5.0
None Remote Low Not required None Partial None
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to pop-up windows.
45 CVE-2011-3067 264 Bypass 2012-04-05 2017-12-06
5.0
None Remote Low Not required None Partial None
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
46 CVE-2011-3056 20 Bypass 2012-03-22 2018-01-09
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
47 CVE-2011-3054 264 Bypass 2012-03-22 2018-01-09
5.0
None Remote Low Not required None Partial None
The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
48 CVE-2011-2878 264 Bypass 2011-10-04 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 14.0.835.202 does not properly restrict access to the window prototype, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
49 CVE-2011-2856 264 Bypass 2011-09-19 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
50 CVE-2011-2826 264 Bypass 2011-08-29 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins.
Total number of vulnerabilities : 68   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.