Chrome
by Google
Source repositories
CVEs (5,374)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-3742 | Med | 0.44 | 6.8 | 0.00 | Dec 20, 2023 | Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High) | ||
| CVE-2022-3048 | Med | 0.44 | 6.8 | 0.00 | Sep 26, 2022 | Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device. | ||
| CVE-2021-30597 | Med | 0.44 | 6.8 | 0.01 | Aug 26, 2021 | Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | ||
| CVE-2021-30594 | Med | 0.44 | 6.8 | 0.01 | Aug 26, 2021 | Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | ||
| CVE-2021-21216 | Med | 0.44 | 6.5 | 0.22 | Apr 26, 2021 | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | ||
| CVE-2021-21177 | Med | 0.44 | 6.5 | 0.17 | Mar 9, 2021 | Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2021-21140 | Med | 0.44 | 6.8 | 0.01 | Feb 9, 2021 | Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. | ||
| CVE-2021-21135 | Med | 0.44 | 6.5 | 0.19 | Feb 9, 2021 | Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2026-5892 | Med | 0.43 | 6.6 | 0.00 | Apr 8, 2026 | Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2021-30582 | Med | 0.43 | 6.5 | 0.05 | Aug 3, 2021 | Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2021-21141 | Med | 0.43 | 6.5 | 0.05 | Feb 9, 2021 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page. | ||
| CVE-2021-21139 | Med | 0.43 | 6.5 | 0.05 | Feb 9, 2021 | Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||
| CVE-2021-21137 | Med | 0.43 | 6.5 | 0.06 | Feb 9, 2021 | Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. | ||
| CVE-2021-21136 | Med | 0.43 | 6.5 | 0.04 | Feb 9, 2021 | Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2021-21134 | Med | 0.43 | 6.5 | 0.05 | Feb 9, 2021 | Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page. | ||
| CVE-2021-21131 | Med | 0.43 | 6.5 | 0.08 | Feb 9, 2021 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | ||
| CVE-2021-21130 | Med | 0.43 | 6.5 | 0.05 | Feb 9, 2021 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | ||
| CVE-2021-21129 | Med | 0.43 | 6.5 | 0.05 | Feb 9, 2021 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | ||
| CVE-2021-21126 | Med | 0.43 | 6.5 | 0.09 | Feb 9, 2021 | Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. | ||
| CVE-2021-21123 | Med | 0.43 | 6.5 | 0.10 | Feb 9, 2021 | Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. |
- risk 0.44cvss 6.8epss 0.00
Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High)
- risk 0.44cvss 6.8epss 0.00
Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.
- risk 0.44cvss 6.8epss 0.01
Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
- risk 0.44cvss 6.8epss 0.01
Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
- risk 0.44cvss 6.5epss 0.22
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
- risk 0.44cvss 6.5epss 0.17
Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.44cvss 6.8epss 0.01
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.
- risk 0.44cvss 6.5epss 0.19
Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.43cvss 6.6epss 0.00
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.43cvss 6.5epss 0.05
Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.05
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.05
Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.06
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.04
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.05
Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.08
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.05
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.05
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.09
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.
- risk 0.43cvss 6.5epss 0.10
Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
Page 113 of 269