VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2018-6037MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.02

    Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.

  • CVE-2018-6036MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.02

    Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.

  • CVE-2018-6032MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.

  • CVE-2017-15396MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15426MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-15425MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-15424MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-15420MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2017-15419MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.

  • CVE-2017-15416MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.

  • CVE-2017-15415MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.

  • CVE-2017-15395MedFeb 7, 2018
    risk 0.42cvss 6.5epss 0.01

    A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.

  • CVE-2017-15394MedFeb 7, 2018
    risk 0.42cvss 6.5epss 0.02

    Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.

  • CVE-2017-15391MedFeb 7, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.

  • CVE-2017-15390MedFeb 7, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-15389MedFeb 7, 2018
    risk 0.42cvss 6.5epss 0.01

    An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2017-15386MedFeb 7, 2018
    risk 0.42cvss 6.5epss 0.02

    Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2017-5120MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words,…

  • CVE-2017-5117MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.02

    Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2017-5110MedOct 27, 2017
    risk 0.42cvss 6.5epss 0.01

    Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

Page 142 of 269