VYPR

Chrome

by Google

Source repositories

CVEs (5,373)

  • CVE-2026-8564MedMay 14, 2026
    risk 0.27cvss 4.2epss 0.00

    Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-8021MedMay 6, 2026
    risk 0.27cvss 4.2epss 0.00

    Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-7996MedMay 6, 2026
    risk 0.27cvss 4.2epss 0.00

    Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-7993MedMay 6, 2026
    risk 0.27cvss 4.2epss 0.00

    Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity:…

  • CVE-2026-7989MedMay 6, 2026
    risk 0.27cvss 4.2epss 0.00

    Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7964MedMay 6, 2026
    risk 0.27cvss 4.2epss 0.00

    Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7952MedMay 6, 2026
    risk 0.27cvss 4.2epss 0.00

    Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7947MedMay 6, 2026
    risk 0.27cvss 4.2epss 0.00

    Insufficient validation of untrusted input in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7943MedMay 6, 2026
    risk 0.27cvss 4.2epss 0.00

    Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7934MedMay 6, 2026
    risk 0.27cvss 4.2epss 0.00

    Insufficient validation of untrusted input in Popup Blocker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7912MedMay 6, 2026
    risk 0.27cvss 4.2epss 0.00

    Integer overflow in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10998MedJun 4, 2026
    risk 0.26cvss 4.0epss 0.00

    Out of bounds read in Media in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform an out of bounds memory read via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2018-6053LowSep 25, 2018
    risk 0.22cvss 3.3epss 0.01

    Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.

  • CVE-2021-37964LowOct 8, 2021
    risk 0.21cvss 3.3epss 0.01

    Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file.

  • CVE-2019-13762LowDec 10, 2019
    risk 0.21cvss 3.3epss 0.00

    Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.

  • CVE-2019-13679LowNov 25, 2019
    risk 0.21cvss 3.3epss 0.01

    Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.

  • CVE-2017-5081LowOct 27, 2017
    risk 0.21cvss 3.3epss 0.00

    Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.

  • CVE-2026-12032LowJun 11, 2026
    risk 0.20cvss 3.1epss 0.00

    Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-12017LowJun 11, 2026
    risk 0.20cvss 3.1epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11691LowJun 9, 2026
    risk 0.20cvss 3.1epss 0.00

    Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Page 175 of 269