VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2020-6535MedJul 22, 2020
    risk 0.40cvss 6.1epss 0.01

    Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page.

  • CVE-2020-6470MedMay 21, 2020
    risk 0.40cvss 6.1epss 0.01

    Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents.

  • CVE-2019-13714MedNov 25, 2019
    risk 0.40cvss 6.1epss 0.01

    Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL.

  • CVE-2018-6145MedJun 27, 2019
    risk 0.40cvss 6.1epss 0.01

    Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

  • CVE-2018-6128MedJun 27, 2019
    risk 0.40cvss 6.1epss 0.01

    Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2018-20071MedJan 9, 2019
    risk 0.40cvss 6.1epss 0.00

    Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page.

  • CVE-2018-16084MedJan 9, 2019
    risk 0.40cvss 6.1epss 0.01

    The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.

  • CVE-2018-6081MedNov 14, 2018
    risk 0.40cvss 6.1epss 0.01

    XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.

  • CVE-2018-6076MedNov 14, 2018
    risk 0.40cvss 6.1epss 0.01

    Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.

  • CVE-2018-6070MedNov 14, 2018
    risk 0.40cvss 6.1epss 0.01

    Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.

  • CVE-2018-6046MedSep 25, 2018
    risk 0.40cvss 6.1epss 0.01

    Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.

  • CVE-2018-6039MedSep 25, 2018
    risk 0.40cvss 6.1epss 0.01

    Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.

  • CVE-2017-15429MedAug 28, 2018
    risk 0.40cvss 6.1epss 0.01

    Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

  • CVE-2017-15427MedAug 28, 2018
    risk 0.40cvss 6.1epss 0.01

    Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.

  • CVE-2017-5085MedOct 27, 2017
    risk 0.40cvss 6.1epss 0.01

    Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark.

  • CVE-2017-5069MedOct 27, 2017
    risk 0.40cvss 6.1epss 0.01

    Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page.

  • CVE-2017-5045MedApr 24, 2017
    risk 0.40cvss 6.1epss 0.01

    XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page.

  • CVE-2017-5020MedFeb 17, 2017
    risk 0.40cvss 6.1epss 0.02

    Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a…

  • CVE-2017-5018MedFeb 17, 2017
    risk 0.40cvss 6.1epss 0.01

    Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML…

  • CVE-2017-5010MedFeb 17, 2017
    risk 0.40cvss 6.1epss 0.01

    Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

Page 149 of 269