Chrome
by Google
Source repositories
CVEs (5,374)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-13755 | Med | 0.28 | 4.3 | 0.01 | Dec 10, 2019 | Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. | ||
| CVE-2019-13754 | Med | 0.28 | 4.3 | 0.02 | Dec 10, 2019 | Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||
| CVE-2019-5875 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||
| CVE-2019-5873 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Insufficient policy validation in navigation in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||
| CVE-2019-5864 | Med | 0.28 | 4.3 | 0.00 | Nov 25, 2019 | Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | ||
| CVE-2019-5861 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page. | ||
| CVE-2019-13719 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. | ||
| CVE-2019-13718 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||
| CVE-2019-13717 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. | ||
| CVE-2019-13716 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||
| CVE-2019-13715 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | ||
| CVE-2019-13710 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | ||
| CVE-2019-13708 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||
| CVE-2019-13705 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. | ||
| CVE-2019-13704 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2019-13703 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||
| CVE-2019-13701 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||
| CVE-2019-13691 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||
| CVE-2019-13681 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | ||
| CVE-2019-13676 | Med | 0.28 | 4.3 | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
- risk 0.28cvss 4.3epss 0.01
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.02
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.01
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.01
Insufficient policy validation in navigation in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.00
Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
- risk 0.28cvss 4.3epss 0.01
Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.01
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.01
Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- risk 0.28cvss 4.3epss 0.01
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.01
Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.01
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- risk 0.28cvss 4.3epss 0.01
Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.01
Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.01
Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
- risk 0.28cvss 4.3epss 0.01
Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.01
Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.01
Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.01
Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.01
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
- risk 0.28cvss 4.3epss 0.01
Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Page 170 of 269