VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2020-6412MedFeb 11, 2020
    risk 0.35cvss 5.4epss 0.01

    Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2020-6411MedFeb 11, 2020
    risk 0.35cvss 5.4epss 0.01

    Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2020-6394MedFeb 11, 2020
    risk 0.35cvss 5.4epss 0.02

    Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2019-13711MedNov 25, 2019
    risk 0.35cvss 5.3epss 0.01

    Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-13684MedNov 25, 2019
    risk 0.35cvss 5.3epss 0.01

    Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-13680MedNov 25, 2019
    risk 0.35cvss 5.3epss 0.01

    Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.

  • CVE-2019-13660MedNov 25, 2019
    risk 0.35cvss 5.3epss 0.01

    UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.

  • CVE-2019-5823MedJun 27, 2019
    risk 0.35cvss 5.4epss 0.01

    Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2018-16086MedJun 27, 2019
    risk 0.35cvss 5.4epss 0.00

    Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

  • CVE-2018-16075MedJun 27, 2019
    risk 0.35cvss 5.3epss 0.01

    Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page.

  • CVE-2018-6110MedJan 9, 2019
    risk 0.35cvss 5.4epss 0.01

    Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.

  • CVE-2018-16079MedJan 9, 2019
    risk 0.35cvss 5.3epss 0.01

    A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2017-15423MedAug 28, 2018
    risk 0.35cvss 5.3epss 0.02

    Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.

  • CVE-2017-15417MedAug 28, 2018
    risk 0.35cvss 5.3epss 0.02

    Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2017-5107MedOct 27, 2017
    risk 0.35cvss 5.3epss 0.02

    A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page.

  • CVE-2017-5061MedOct 27, 2017
    risk 0.35cvss 5.3epss 0.01

    A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2016-5186MedDec 18, 2016
    risk 0.35cvss 5.3epss 0.01

    Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.

  • CVE-2016-5133MedJul 23, 2016
    risk 0.35cvss 5.3epss 0.01

    Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.

  • CVE-2016-1694MedJun 5, 2016
    risk 0.35cvss 5.3epss 0.01

    browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority.

  • CVE-2016-1693MedJun 5, 2016
    risk 0.35cvss 5.3epss 0.01

    browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack…

Page 155 of 269