CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome : Security Vulnerabilities Published In 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-15684 2019-11-25 2020-08-24
4.3
None Remote Medium Not required None Partial None
Kaspersky Protection extension for web browser Google Chrome prior to 30.112.62.0 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.
2 CVE-2019-13764 843 2019-12-10 2019-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
3 CVE-2019-13763 2019-12-10 2020-08-24
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
4 CVE-2019-13761 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
5 CVE-2019-13759 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
6 CVE-2019-13757 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
7 CVE-2019-13756 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
8 CVE-2019-13755 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.
9 CVE-2019-13754 Bypass 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
10 CVE-2019-13753 125 +Info 2019-12-10 2020-08-06
4.3
None Remote Medium Not required Partial None None
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
11 CVE-2019-13752 125 +Info 2019-12-10 2020-08-06
4.3
None Remote Medium Not required Partial None None
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
12 CVE-2019-13751 908 +Info 2019-12-10 2020-08-24
4.3
None Remote Medium Not required Partial None None
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
13 CVE-2019-13750 20 Bypass 2019-12-10 2020-08-06
4.3
None Remote Medium Not required Partial None None
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.
14 CVE-2019-13748 862 +Info 2019-12-10 2020-08-24
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
15 CVE-2019-13747 787 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
16 CVE-2019-13746 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
17 CVE-2019-13745 200 +Info 2019-12-10 2019-12-16
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
18 CVE-2019-13744 200 +Info 2019-12-10 2019-12-16
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
19 CVE-2019-13743 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.
20 CVE-2019-13741 79 XSS Bypass 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.
21 CVE-2019-13740 346 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
22 CVE-2019-13739 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
23 CVE-2019-13738 269 Bypass 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.
24 CVE-2019-13737 200 +Info 2019-12-10 2019-12-16
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
25 CVE-2019-13736 787 Overflow 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
26 CVE-2019-13735 787 Exec Code 2019-12-10 2019-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
27 CVE-2019-13734 787 2019-12-10 2020-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28 CVE-2019-13732 787 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
29 CVE-2019-13730 843 2019-12-10 2019-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
30 CVE-2019-13729 787 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
31 CVE-2019-13728 787 2019-12-10 2019-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
32 CVE-2019-13727 281 Bypass 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
33 CVE-2019-13726 119 Exec Code Overflow 2019-12-10 2019-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
34 CVE-2019-13725 416 Exec Code 2019-12-10 2019-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
35 CVE-2019-13724 787 Mem. Corr. 2019-11-25 2019-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds memory access in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
36 CVE-2019-13723 787 2019-11-25 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
37 CVE-2019-13721 787 2019-11-25 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
38 CVE-2019-13720 787 2019-11-25 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
39 CVE-2019-13719 922 2019-11-25 2020-01-13
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
40 CVE-2019-13718 2019-11-25 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
41 CVE-2019-13717 922 2019-11-25 2020-01-13
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
42 CVE-2019-13716 863 Bypass 2019-11-25 2020-01-13
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
43 CVE-2019-13715 290 2019-11-25 2020-01-13
4.3
None Remote Medium Not required None Partial None
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
44 CVE-2019-13714 94 2019-11-25 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL.
45 CVE-2019-13713 200 +Info 2019-11-25 2020-01-13
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
46 CVE-2019-13711 200 +Info 2019-11-25 2020-01-13
5.0
None Remote Low Not required Partial None None
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
47 CVE-2019-13710 Bypass 2019-11-25 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
48 CVE-2019-13709 290 Bypass 2019-11-25 2020-01-13
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
49 CVE-2019-13708 290 2019-11-25 2020-01-13
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
50 CVE-2019-13707 200 +Info 2019-11-25 2020-01-13
4.3
None Remote Medium Not required Partial None None
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.
Total number of vulnerabilities : 312   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.