Chrome
by Google
Source repositories
CVEs (5,374)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-6475 | Med | 0.42 | 6.5 | 0.02 | May 21, 2020 | Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. | ||
| CVE-2020-6473 | Med | 0.42 | 6.5 | 0.02 | May 21, 2020 | Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2020-6472 | Med | 0.42 | 6.5 | 0.01 | May 21, 2020 | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension. | ||
| CVE-2020-6460 | Med | 0.42 | 6.5 | 0.01 | May 21, 2020 | Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name. | ||
| CVE-2020-6456 | Med | 0.42 | 6.5 | 0.01 | Apr 13, 2020 | Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents. | ||
| CVE-2020-6446 | Med | 0.42 | 6.5 | 0.02 | Apr 13, 2020 | Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2020-6445 | Med | 0.42 | 6.5 | 0.02 | Apr 13, 2020 | Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2020-6426 | Med | 0.42 | 6.5 | 0.03 | Mar 23, 2020 | Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6408 | Med | 0.42 | 6.5 | 0.02 | Feb 11, 2020 | Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. | ||
| CVE-2020-6405 | Med | 0.42 | 6.5 | 0.03 | Feb 11, 2020 | Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2020-6401 | Med | 0.42 | 6.5 | 0.02 | Feb 11, 2020 | Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||
| CVE-2020-6400 | Med | 0.42 | 6.5 | 0.02 | Feb 11, 2020 | Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2020-6399 | Med | 0.42 | 6.5 | 0.02 | Feb 11, 2020 | Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2020-6397 | Med | 0.42 | 6.5 | 0.02 | Feb 11, 2020 | Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. | ||
| CVE-2020-6395 | Med | 0.42 | 6.5 | 0.02 | Feb 11, 2020 | Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | ||
| CVE-2020-6393 | Med | 0.42 | 6.5 | 0.02 | Feb 11, 2020 | Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2010-3917 | Med | 0.42 | 6.5 | 0.01 | Feb 6, 2020 | Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. | ||
| CVE-2019-13722 | Med | 0.42 | 6.5 | 0.01 | Jan 14, 2020 | Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5846 | Med | 0.42 | 6.5 | 0.01 | Jan 3, 2020 | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5845 | Med | 0.42 | 6.5 | 0.01 | Jan 3, 2020 | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
- risk 0.42cvss 6.5epss 0.02
Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension.
- risk 0.42cvss 6.5epss 0.01
Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name.
- risk 0.42cvss 6.5epss 0.01
Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.
- risk 0.42cvss 6.5epss 0.02
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.03
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.03
Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- risk 0.42cvss 6.5epss 0.02
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.02
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site.
- risk 0.42cvss 6.5epss 0.01
Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Page 133 of 269