# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2019-5840 |
264 |
|
Bypass |
2019-06-27 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
2 |
CVE-2019-5839 |
20 |
|
Bypass |
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. |
3 |
CVE-2019-5838 |
20 |
|
Bypass |
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension. |
4 |
CVE-2019-5837 |
200 |
|
+Info |
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
5 |
CVE-2019-5836 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
6 |
CVE-2019-5835 |
125 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
7 |
CVE-2019-5834 |
20 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
8 |
CVE-2019-5833 |
264 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page. |
9 |
CVE-2019-5832 |
284 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
10 |
CVE-2019-5831 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
11 |
CVE-2019-5830 |
284 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
12 |
CVE-2019-5829 |
416 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
13 |
CVE-2019-5828 |
416 |
|
|
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
14 |
CVE-2019-5827 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
15 |
CVE-2019-5824 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
16 |
CVE-2019-5823 |
601 |
|
Bypass |
2019-06-27 |
2019-07-25 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
17 |
CVE-2019-5822 |
284 |
|
Bypass |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
18 |
CVE-2019-5821 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
19 |
CVE-2019-5820 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
20 |
CVE-2019-5819 |
20 |
|
Exec Code |
2019-06-27 |
2019-07-25 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. |
21 |
CVE-2019-5818 |
200 |
|
+Info |
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. |
22 |
CVE-2019-5817 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
23 |
CVE-2019-5816 |
664 |
|
|
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. |
24 |
CVE-2019-5814 |
285 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
25 |
CVE-2019-5813 |
416 |
|
|
2019-06-27 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
26 |
CVE-2019-5812 |
20 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
27 |
CVE-2019-5811 |
19 |
|
Bypass |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
28 |
CVE-2019-5810 |
200 |
|
+Info |
2019-06-27 |
2019-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
29 |
CVE-2019-5809 |
416 |
|
|
2019-06-27 |
2019-07-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. |
30 |
CVE-2019-5808 |
416 |
|
|
2019-06-27 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
31 |
CVE-2019-5807 |
119 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
32 |
CVE-2019-5806 |
190 |
|
Overflow |
2019-06-27 |
2019-07-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
33 |
CVE-2019-5805 |
416 |
|
|
2019-06-27 |
2019-07-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
34 |
CVE-2019-5804 |
77 |
|
|
2019-05-23 |
2019-06-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name. |
35 |
CVE-2019-5803 |
20 |
|
Bypass |
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
36 |
CVE-2019-5802 |
20 |
|
|
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
37 |
CVE-2019-5801 |
20 |
|
|
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
38 |
CVE-2019-5800 |
20 |
|
Bypass |
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
39 |
CVE-2019-5799 |
20 |
|
Bypass |
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
40 |
CVE-2019-5798 |
125 |
|
|
2019-05-23 |
2019-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
41 |
CVE-2019-5796 |
362 |
|
|
2019-05-23 |
2019-06-28 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
42 |
CVE-2019-5795 |
190 |
|
Overflow |
2019-05-23 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. |
43 |
CVE-2019-5794 |
20 |
|
|
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
44 |
CVE-2019-5793 |
20 |
|
|
2019-05-23 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. |
45 |
CVE-2019-5792 |
190 |
|
Overflow |
2019-05-23 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. |
46 |
CVE-2019-5791 |
125 |
|
|
2019-05-23 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
47 |
CVE-2019-5790 |
190 |
|
Exec Code Overflow |
2019-05-23 |
2019-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
48 |
CVE-2019-5789 |
190 |
|
Exec Code Overflow |
2019-05-23 |
2019-06-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. |
49 |
CVE-2019-5788 |
190 |
|
Exec Code Overflow |
2019-05-23 |
2019-06-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. |
50 |
CVE-2019-5787 |
416 |
|
|
2019-05-23 |
2019-06-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |