VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2026-11122MedJun 4, 2026
    risk 0.40cvss 6.1epss 0.00

    Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11034MedJun 4, 2026
    risk 0.40cvss 6.1epss 0.00

    Insufficient validation of untrusted input in Tab Group Sync in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2026-10916MedJun 4, 2026
    risk 0.40cvss 6.1epss 0.00

    Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7953MedMay 6, 2026
    risk 0.40cvss 6.1epss 0.00

    Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2026-5899MedApr 8, 2026
    risk 0.40cvss 6.1epss 0.00

    Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-5896MedApr 8, 2026
    risk 0.40cvss 6.1epss 0.00

    Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-12910MedNov 8, 2025
    risk 0.40cvss 6.2epss 0.00

    Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. (Chromium security severity: Low)

  • CVE-2025-6044MedJul 7, 2025
    risk 0.40cvss 6.1epss 0.00

    An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on the garaged stylus devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the…

  • CVE-2024-8907MedSep 17, 2024
    risk 0.40cvss 6.1epss 0.00

    Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity:…

  • CVE-2024-3847MedApr 17, 2024
    risk 0.40cvss 6.1epss 0.01

    Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2024-3841MedApr 17, 2024
    risk 0.40cvss 6.1epss 0.01

    Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)

  • CVE-2023-5480MedNov 1, 2023
    risk 0.40cvss 6.1epss 0.01

    Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)

  • CVE-2022-3863MedJan 2, 2023
    risk 0.40cvss 6.1epss 0.00

    Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

  • CVE-2022-0801MedJan 2, 2023
    risk 0.40cvss 6.1epss 0.01

    Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)

  • CVE-2022-1494MedJul 26, 2022
    risk 0.40cvss 6.1epss 0.01

    Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.

  • CVE-2022-1492MedJul 26, 2022
    risk 0.40cvss 6.1epss 0.01

    Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.

  • CVE-2022-1132MedJul 23, 2022
    risk 0.40cvss 6.1epss 0.00

    Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.

  • CVE-2021-37999MedNov 23, 2021
    risk 0.40cvss 6.1epss 0.01

    Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.

  • CVE-2020-16046MedJan 14, 2021
    risk 0.40cvss 6.1epss 0.01

    Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2020-16030MedJan 8, 2021
    risk 0.40cvss 6.1epss 0.01

    Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

Page 148 of 269