VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2026-9989MedMay 28, 2026
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High)

  • CVE-2026-8010MedMay 6, 2026
    risk 0.41cvss 6.3epss 0.00

    Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-7977MedMay 6, 2026
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7971MedMay 6, 2026
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-5273MedApr 1, 2026
    risk 0.41cvss 6.3epss 0.00

    Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-13983MedNov 14, 2025
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low)

  • CVE-2025-11216MedNov 6, 2025
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low)

  • CVE-2025-11213MedNov 6, 2025
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-11212MedNov 6, 2025
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-11208MedNov 6, 2025
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-4051MedMay 5, 2025
    risk 0.41cvss 6.3epss 0.00

    Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0451MedFeb 4, 2025
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2025-0444MedFeb 4, 2025
    risk 0.41cvss 6.3epss 0.00

    Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3175MedJul 16, 2024
    risk 0.41cvss 6.3epss 0.00

    Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)

  • CVE-2023-5473MedOct 11, 2023
    risk 0.41cvss 6.3epss 0.01

    Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2023-3739MedAug 1, 2023
    risk 0.41cvss 6.3epss 0.00

    Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)

  • CVE-2022-4909MedJul 29, 2023
    risk 0.41cvss 6.3epss 0.00

    Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2023-1235MedMar 7, 2023
    risk 0.41cvss 6.3epss 0.00

    Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)

  • CVE-2022-2164MedJul 28, 2022
    risk 0.41cvss 6.3epss 0.01

    Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.

  • CVE-2022-1499MedJul 26, 2022
    risk 0.41cvss 6.3epss 0.01

    Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Page 146 of 269