Vendor CVEs
Chromium
All CVEs
483 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8007 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2026 | Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-7976 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2026 | Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium) | ||
| CVE-2026-7948 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2026 | Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | ||
| CVE-2026-7929 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2026 | Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-7897 | Hig | 0.49 | 7.5 | 0.00 | May 6, 2026 | Use after free in Mobile in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||
| CVE-2024-21527 | Hig | 0.46 | 8.2 | 0.01 | Jul 19, 2024 | Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are… | ||
| CVE-2017-5124 | Med | 0.43 | 6.1 | 0.05 | Feb 7, 2018 | Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. | ||
| CVE-2026-11653 | Med | 0.42 | 6.5 | 0.00 | Jun 9, 2026 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11258 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11220 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11206 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11197 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Insufficient policy enforcement in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11183 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Out of bounds read in GWP-ASan in Google Chrome prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium) | ||
| CVE-2026-11180 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11142 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11106 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11093 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Printing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11022 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11020 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. (Chromium security severity: Medium) | ||
| CVE-2026-11017 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-10996 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-9917 | Med | 0.42 | 6.5 | 0.00 | May 28, 2026 | Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2017-1000460 | Med | 0.42 | 6.5 | 0.00 | Jan 3, 2018 | In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. | ||
| CVE-2026-9989 | Med | 0.41 | 6.3 | 0.00 | May 28, 2026 | Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High) | ||
| CVE-2026-8010 | Med | 0.41 | 6.3 | 0.00 | May 6, 2026 | Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-7977 | Med | 0.41 | 6.3 | 0.00 | May 6, 2026 | Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-7971 | Med | 0.41 | 6.3 | 0.00 | May 6, 2026 | Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-7953 | Med | 0.40 | 6.1 | 0.00 | May 6, 2026 | Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious network traffic. (Chromium security severity: Medium) | ||
| CVE-2026-8019 | Med | 0.35 | 5.4 | 0.00 | May 6, 2026 | Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-8015 | Med | 0.35 | 5.4 | 0.00 | May 6, 2026 | Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-8012 | Med | 0.35 | 5.4 | 0.00 | May 6, 2026 | Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-8006 | Med | 0.35 | 5.4 | 0.00 | May 6, 2026 | Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | ||
| CVE-2026-8003 | Med | 0.35 | 5.4 | 0.00 | May 6, 2026 | Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low) | ||
| CVE-2026-7962 | Med | 0.35 | 5.4 | 0.00 | May 6, 2026 | Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. (Chromium security severity: Medium) | ||
| CVE-2026-7950 | Med | 0.35 | 5.4 | 0.00 | May 6, 2026 | Out of bounds read and write in GFX in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via malicious network traffic. (Chromium security severity: Medium) | ||
| CVE-2026-7939 | Med | 0.35 | 5.4 | 0.00 | May 6, 2026 | Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-7935 | Med | 0.35 | 5.4 | 0.00 | May 6, 2026 | Inappropriate implementation in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-7931 | Med | 0.35 | 5.4 | 0.00 | May 6, 2026 | Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11696 | Med | 0.34 | 5.3 | 0.00 | Jun 9, 2026 | Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11174 | Med | 0.34 | 5.3 | 0.00 | Jun 4, 2026 | Inappropriate implementation in Site Isolation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-9124 | Med | 0.34 | 5.3 | 0.00 | May 20, 2026 | Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-8583 | Med | 0.34 | 5.3 | 0.00 | May 14, 2026 | Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity:… | ||
| CVE-2026-8582 | Med | 0.34 | 5.3 | 0.00 | May 14, 2026 | Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-8020 | Med | 0.34 | 5.3 | 0.00 | May 6, 2026 | Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-7960 | Med | 0.34 | 5.3 | 0.00 | May 6, 2026 | Race in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-11276 | Med | 0.33 | 5.1 | 0.00 | Jun 5, 2026 | Inappropriate implementation in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to bypass discretionary access control via malicious network traffic. (Chromium security severity: Low) | ||
| CVE-2026-9979 | Med | 0.33 | 5.0 | 0.00 | May 28, 2026 | Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-9903 | Med | 0.33 | 5.0 | 0.00 | May 28, 2026 | Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted MHTML page. (Chromium security severity: High) | ||
| CVE-2026-41650 | Med | 0.33 | 6.1 | 0.00 | May 7, 2026 | fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "-->" sequence in comment content or the "]]>" sequence in CDATA sections when building XML from JavaScript objects. This… | ||
| CVE-2026-8009 | Med | 0.33 | 5.0 | 0.00 | May 6, 2026 | Inappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) |
- risk 0.49cvss 7.5epss 0.00
Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
- risk 0.49cvss 7.5epss 0.00
Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)
- risk 0.49cvss 7.5epss 0.00
Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
- risk 0.49cvss 7.5epss 0.00
Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
- risk 0.49cvss 7.5epss 0.00
Use after free in Mobile in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
- risk 0.46cvss 8.2epss 0.01
Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are…
- risk 0.43cvss 6.1epss 0.05
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Insufficient policy enforcement in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Out of bounds read in GWP-ASan in Google Chrome prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Printing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.42cvss 6.5epss 0.00
Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
- risk 0.42cvss 6.5epss 0.00
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High)
- risk 0.41cvss 6.3epss 0.00
Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.41cvss 6.3epss 0.00
Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.40cvss 6.1epss 0.00
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious network traffic. (Chromium security severity: Medium)
- risk 0.35cvss 5.4epss 0.00
Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- risk 0.35cvss 5.4epss 0.00
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- risk 0.35cvss 5.4epss 0.00
Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
- risk 0.35cvss 5.4epss 0.00
Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
- risk 0.35cvss 5.4epss 0.00
Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)
- risk 0.35cvss 5.4epss 0.00
Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. (Chromium security severity: Medium)
- risk 0.35cvss 5.4epss 0.00
Out of bounds read and write in GFX in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via malicious network traffic. (Chromium security severity: Medium)
- risk 0.35cvss 5.4epss 0.00
Inappropriate implementation in SanitizerAPI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.35cvss 5.4epss 0.00
Inappropriate implementation in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.35cvss 5.4epss 0.00
Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.34cvss 5.3epss 0.00
Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
- risk 0.34cvss 5.3epss 0.00
Inappropriate implementation in Site Isolation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.34cvss 5.3epss 0.00
Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.34cvss 5.3epss 0.00
Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity:…
- risk 0.34cvss 5.3epss 0.00
Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.34cvss 5.3epss 0.00
Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
- risk 0.34cvss 5.3epss 0.00
Race in Speech in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.33cvss 5.1epss 0.00
Inappropriate implementation in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to bypass discretionary access control via malicious network traffic. (Chromium security severity: Low)
- risk 0.33cvss 5.0epss 0.00
Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
- risk 0.33cvss 5.0epss 0.00
Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted MHTML page. (Chromium security severity: High)
- risk 0.33cvss 6.1epss 0.00
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "-->" sequence in comment content or the "]]>" sequence in CDATA sections when building XML from JavaScript objects. This…
- risk 0.33cvss 5.0epss 0.00
Inappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Page 3 of 10