VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2022-3310MedNov 1, 2022
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)

  • CVE-2022-3309MedNov 1, 2022
    risk 0.42cvss 6.5epss 0.01

    Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: Medium)

  • CVE-2022-3057MedSep 26, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2022-3056MedSep 26, 2022
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2022-3054MedSep 26, 2022
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2022-3047MedSep 26, 2022
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.

  • CVE-2022-3044MedSep 26, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

  • CVE-2022-2861MedSep 26, 2022
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.

  • CVE-2022-2860MedSep 26, 2022
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.

  • CVE-2022-2622MedAug 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.

  • CVE-2022-2618MedAug 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file .

  • CVE-2022-2616MedAug 12, 2022
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.

  • CVE-2022-2615MedAug 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2022-2612MedAug 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2022-2610MedAug 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2022-2605MedAug 12, 2022
    risk 0.42cvss 6.5epss 0.01

    Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2022-2160MedJul 28, 2022
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page.

  • CVE-2022-1873MedJul 27, 2022
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2022-1869MedJul 27, 2022
    risk 0.42cvss 6.5epss 0.01

    Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2022-1868MedJul 27, 2022
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.

Page 126 of 269