VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2025-5066MedMay 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-5065MedMay 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-1704MedApr 16, 2025
    risk 0.42cvss 6.5epss 0.00

    ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.

  • CVE-2025-3070MedApr 2, 2025
    risk 0.42cvss 6.5epss 0.00

    Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-1921MedMar 5, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0442MedJan 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0441MedJan 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0440MedJan 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0439MedJan 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0435MedJan 15, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-11110MedNov 12, 2024
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2024-5500MedJul 16, 2024
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-2884MedJul 16, 2024
    risk 0.42cvss 6.5epss 0.00

    Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-7011MedJul 16, 2024
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2020-36765MedJul 16, 2024
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-6777MedJul 16, 2024
    risk 0.42cvss 6.5epss 0.00

    Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2024-5843MedJun 11, 2024
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)

  • CVE-2024-5840MedJun 11, 2024
    risk 0.42cvss 6.5epss 0.00

    Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-5839MedJun 11, 2024
    risk 0.42cvss 6.5epss 0.00

    Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-4950MedMay 15, 2024
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Page 122 of 269