Chrome
by Google
Source repositories
CVEs (5,374)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3310 | Med | 0.42 | 6.5 | 0.00 | Nov 1, 2022 | Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium) | ||
| CVE-2022-3309 | Med | 0.42 | 6.5 | 0.01 | Nov 1, 2022 | Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: Medium) | ||
| CVE-2022-3057 | Med | 0.42 | 6.5 | 0.01 | Sep 26, 2022 | Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2022-3056 | Med | 0.42 | 6.5 | 0.01 | Sep 26, 2022 | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2022-3054 | Med | 0.42 | 6.5 | 0.01 | Sep 26, 2022 | Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2022-3047 | Med | 0.42 | 6.5 | 0.00 | Sep 26, 2022 | Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. | ||
| CVE-2022-3044 | Med | 0.42 | 6.5 | 0.01 | Sep 26, 2022 | Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | ||
| CVE-2022-2861 | Med | 0.42 | 6.5 | 0.01 | Sep 26, 2022 | Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. | ||
| CVE-2022-2860 | Med | 0.42 | 6.5 | 0.01 | Sep 26, 2022 | Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. | ||
| CVE-2022-2622 | Med | 0.42 | 6.5 | 0.01 | Aug 12, 2022 | Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. | ||
| CVE-2022-2618 | Med | 0.42 | 6.5 | 0.01 | Aug 12, 2022 | Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . | ||
| CVE-2022-2616 | Med | 0.42 | 6.5 | 0.00 | Aug 12, 2022 | Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. | ||
| CVE-2022-2615 | Med | 0.42 | 6.5 | 0.01 | Aug 12, 2022 | Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2022-2612 | Med | 0.42 | 6.5 | 0.01 | Aug 12, 2022 | Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2022-2610 | Med | 0.42 | 6.5 | 0.01 | Aug 12, 2022 | Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2022-2605 | Med | 0.42 | 6.5 | 0.01 | Aug 12, 2022 | Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2022-2160 | Med | 0.42 | 6.5 | 0.01 | Jul 28, 2022 | Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. | ||
| CVE-2022-1873 | Med | 0.42 | 6.5 | 0.01 | Jul 27, 2022 | Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2022-1869 | Med | 0.42 | 6.5 | 0.01 | Jul 27, 2022 | Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2022-1868 | Med | 0.42 | 6.5 | 0.00 | Jul 27, 2022 | Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. |
- risk 0.42cvss 6.5epss 0.00
Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.01
Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.01
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.00
Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.
- risk 0.42cvss 6.5epss 0.01
Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file .
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.
Page 126 of 269