Chrome
by Google
CVEs (5,374)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-13675 | | Med | 0.28 | 4.3 | 0.01 | | Nov 25, 2019 | Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page. |
| CVE-2019-13674 | | Med | 0.28 | 4.3 | 0.01 | | Nov 25, 2019 | IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
| CVE-2019-13671 | | Med | 0.28 | 4.3 | 0.01 | | Nov 25, 2019 | UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page. |
| CVE-2019-13669 | | Med | 0.28 | 4.3 | 0.01 | | Nov 25, 2019 | Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2019-13667 | | Med | 0.28 | 4.3 | 0.01 | | Nov 25, 2019 | Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2019-13663 | | Med | 0.28 | 4.3 | 0.01 | | Nov 25, 2019 | IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
| CVE-2019-13661 | | Med | 0.28 | 4.3 | 0.01 | | Nov 25, 2019 | UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. |
| CVE-2019-13659 | | Med | 0.28 | 4.3 | 0.01 | | Nov 25, 2019 | IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
| CVE-2019-5840 | | Med | 0.28 | 4.3 | 0.01 | | Jun 27, 2019 | Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2019-5839 | | Med | 0.28 | 4.3 | 0.01 | | Jun 27, 2019 | Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. |
| CVE-2019-5838 | | Med | 0.28 | 4.3 | 0.01 | | Jun 27, 2019 | Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension. |
| CVE-2019-5833 | | Med | 0.28 | 4.3 | 0.01 | | Jun 27, 2019 | Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page. |
| CVE-2018-6177 | | Med | 0.28 | 4.3 | 0.01 | | Jun 27, 2019 | Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2018-6132 | | Med | 0.28 | 4.3 | 0.01 | | Jun 27, 2019 | Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. |
| CVE-2019-5779 | | Med | 0.28 | 4.3 | 0.03 | | Feb 19, 2019 | Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2018-6178 | | Med | 0.28 | 4.3 | 0.01 | | Jan 9, 2019 | Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension. |
| CVE-2018-6112 | | Med | 0.28 | 4.3 | 0.02 | | Jan 9, 2019 | Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2018-20069 | | Med | 0.28 | 4.3 | 0.00 | | Jan 9, 2019 | Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. |
| CVE-2018-20068 | | Med | 0.28 | 4.3 | 0.00 | | Jan 9, 2019 | Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. |
| CVE-2018-20067 | | Med | 0.28 | 4.3 | 0.00 | | Jan 9, 2019 | A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. |