VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2017-5082MedOct 27, 2017
    risk 0.36cvss 5.5epss 0.00

    Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page.

  • CVE-2015-1206MedOct 6, 2017
    risk 0.36cvss 5.5epss 0.01

    Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.

  • CVE-2017-5025MedFeb 17, 2017
    risk 0.36cvss 5.5epss 0.01

    FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

  • CVE-2017-5024MedFeb 17, 2017
    risk 0.36cvss 5.5epss 0.01

    FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

  • CVE-2016-7153MedSep 6, 2016
    risk 0.36cvss 5.3epss 0.14

    The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a…

  • CVE-2016-7152MedSep 6, 2016
    risk 0.36cvss 5.3epss 0.14

    The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a…

  • CVE-2026-11701MedJun 9, 2026
    risk 0.35cvss 5.4epss 0.00

    Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11666MedJun 9, 2026
    risk 0.35cvss 5.4epss 0.00

    Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11243MedJun 5, 2026
    risk 0.35cvss 5.4epss 0.00

    Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11232MedJun 4, 2026
    risk 0.35cvss 5.4epss 0.00

    Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)

  • CVE-2026-11157MedJun 4, 2026
    risk 0.35cvss 5.4epss 0.00

    Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2026-10984MedJun 4, 2026
    risk 0.35cvss 5.4epss 0.00

    Inappropriate implementation in Accessibility in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9971MedMay 28, 2026
    risk 0.35cvss 5.4epss 0.00

    Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8561MedMay 14, 2026
    risk 0.35cvss 5.4epss 0.00

    Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-8539MedMay 14, 2026
    risk 0.35cvss 5.4epss 0.00

    Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8019MedMay 6, 2026
    risk 0.35cvss 5.4epss 0.00

    Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-8015MedMay 6, 2026
    risk 0.35cvss 5.4epss 0.00

    Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-8012MedMay 6, 2026
    risk 0.35cvss 5.4epss 0.00

    Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-8008MedMay 6, 2026
    risk 0.35cvss 5.4epss 0.00

    Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

  • CVE-2026-8006MedMay 6, 2026
    risk 0.35cvss 5.4epss 0.00

    Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

Page 152 of 269