VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2024-1676MedFeb 21, 2024
    risk 0.37cvss 5.4epss 0.19

    Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2018-6171MedJun 27, 2019
    risk 0.37cvss 5.7epss 0.00

    Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.

  • CVE-2018-18358MedDec 11, 2018
    risk 0.37cvss 5.7epss 0.00

    Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.

  • CVE-2017-5042MedApr 24, 2017
    risk 0.37cvss 5.7epss 0.00

    Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies…

  • CVE-2026-8586MedMay 14, 2026
    risk 0.36cvss 5.5epss 0.00

    Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: Medium)

  • CVE-2025-12439MedNov 10, 2025
    risk 0.36cvss 5.5epss 0.00

    Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)

  • CVE-2024-3838MedApr 17, 2024
    risk 0.36cvss 5.5epss 0.00

    Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)

  • CVE-2021-37996MedNov 2, 2021
    risk 0.36cvss 5.5epss 0.01

    Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.

  • CVE-2021-37990MedNov 2, 2021
    risk 0.36cvss 5.5epss 0.01

    Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.

  • CVE-2021-21219MedApr 26, 2021
    risk 0.36cvss 5.5epss 0.01

    Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

  • CVE-2021-21218MedApr 26, 2021
    risk 0.36cvss 5.5epss 0.01

    Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

  • CVE-2021-21217MedApr 26, 2021
    risk 0.36cvss 5.5epss 0.02

    Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

  • CVE-2020-15989MedNov 3, 2020
    risk 0.36cvss 5.5epss 0.01

    Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

  • CVE-2019-5868MedNov 25, 2019
    risk 0.36cvss 5.5epss 0.01

    Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2019-5860MedNov 25, 2019
    risk 0.36cvss 5.5epss 0.01

    Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2019-13707MedNov 25, 2019
    risk 0.36cvss 5.5epss 0.00

    Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.

  • CVE-2018-20073MedJun 27, 2019
    risk 0.36cvss 5.5epss 0.00

    Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.

  • CVE-2019-5804MedMay 23, 2019
    risk 0.36cvss 5.5epss 0.00

    Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.

  • CVE-2019-5765MedFeb 19, 2019
    risk 0.36cvss 5.5epss 0.01

    An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.

  • CVE-2018-6147MedJan 9, 2019
    risk 0.36cvss 5.5epss 0.00

    Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.

Page 151 of 269