VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2023-1817MedApr 4, 2023
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-1816MedApr 4, 2023
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-1814MedApr 4, 2023
    risk 0.42cvss 6.5epss 0.01

    Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-1813MedApr 4, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-1226MedMar 7, 2023
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-1217MedMar 7, 2023
    risk 0.42cvss 6.5epss 0.01

    Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity:…

  • CVE-2023-0704MedFeb 7, 2023
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2023-0700MedFeb 7, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-0697MedFeb 7, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-0140MedJan 10, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2023-0139MedJan 10, 2023
    risk 0.42cvss 6.5epss 0.01

    Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2023-0133MedJan 10, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-0132MedJan 10, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-0131MedJan 10, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-0130MedJan 10, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2022-0337MedJan 2, 2023
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High)

  • CVE-2022-4187MedNov 30, 2022
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2022-3314MedNov 1, 2022
    risk 0.42cvss 6.5epss 0.00

    Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2022-3313MedNov 1, 2022
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2022-3311MedNov 1, 2022
    risk 0.42cvss 6.5epss 0.01

    Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Page 125 of 269