VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2019-5800MedMay 23, 2019
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2019-5799MedMay 23, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2019-5794MedMay 23, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2019-5793MedMay 23, 2019
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.

  • CVE-2019-5781MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

  • CVE-2019-5778MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome…

  • CVE-2019-5777MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

  • CVE-2019-5776MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

  • CVE-2019-5775MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

  • CVE-2019-5773MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.02

    Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

  • CVE-2019-5768MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.

  • CVE-2019-5767MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.

  • CVE-2019-5766MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.02

    Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-5754MedFeb 19, 2019
    risk 0.42cvss 6.5epss 0.01

    Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.

  • CVE-2018-6179MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.

  • CVE-2018-6175MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2018-6173MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2018-6172MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2018-6169MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page.

  • CVE-2018-6167MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Page 138 of 269