VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2026-9942MedMay 28, 2026
    risk 0.33cvss 5.0epss 0.00

    Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9903MedMay 28, 2026
    risk 0.33cvss 5.0epss 0.00

    Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted MHTML page. (Chromium security severity: High)

  • CVE-2026-10010MedMay 28, 2026
    risk 0.33cvss 5.0epss 0.00

    Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8009MedMay 6, 2026
    risk 0.33cvss 5.0epss 0.00

    Inappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11249MedJun 5, 2026
    risk 0.31cvss 4.7epss 0.00

    Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11233MedJun 4, 2026
    risk 0.31cvss 4.7epss 0.00

    Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-8565MedMay 14, 2026
    risk 0.31cvss 4.7epss 0.00

    Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2025-13992MedDec 3, 2025
    risk 0.31cvss 4.7epss 0.00

    Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-6995MedAug 6, 2024
    risk 0.31cvss 4.7epss 0.00

    Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity:…

  • CVE-2023-7013MedJul 16, 2024
    risk 0.31cvss 4.7epss 0.00

    Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2018-6082MedNov 14, 2018
    risk 0.31cvss 4.7epss 0.01

    Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.

  • CVE-2017-5065MedOct 27, 2017
    risk 0.31cvss 4.7epss 0.01

    Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page.

  • CVE-2023-3497MedJul 3, 2023
    risk 0.30cvss 4.6epss 0.00

    Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. (Chromium security severity: Medium)

  • CVE-2022-3312MedNov 1, 2022
    risk 0.30cvss 4.6epss 0.00

    Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chromium security severity: Medium)

  • CVE-2017-5040MedApr 24, 2017
    risk 0.30cvss 4.3epss 0.22

    V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.

  • CVE-2026-7941MedMay 6, 2026
    risk 0.29cvss 4.4epss 0.00

    Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2026-7932MedMay 6, 2026
    risk 0.29cvss 4.4epss 0.00

    Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-13635MedDec 2, 2025
    risk 0.29cvss 4.4epss 0.00

    Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-13634MedDec 2, 2025
    risk 0.29cvss 4.4epss 0.00

    Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2021-30538MedJun 7, 2021
    risk 0.29cvss 4.3epss 0.16

    Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Page 158 of 269