Vendor CVEs
All CVEs
11,416 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3876 | Med | 0.44 | 6.8 | 0.00 | Sep 11, 2016 | providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug… | ||
| CVE-2016-3875 | Med | 0.44 | 6.8 | 0.00 | Sep 11, 2016 | server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884. | ||
| CVE-2014-9888 | Hig | 0.44 | 7.8 | 0.00 | Aug 6, 2016 | arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android… | ||
| CVE-2014-9870 | Hig | 0.44 | 7.8 | 0.01 | Aug 6, 2016 | The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal… | ||
| CVE-2014-9803 | Hig | 0.44 | 7.8 | 0.01 | Jul 11, 2016 | arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug… | ||
| CVE-2016-0774 | Med | 0.44 | 6.8 | 0.00 | Apr 27, 2016 | The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the… | ||
| CVE-2026-52906 | Hig | 0.43 | 7.7 | 0.00 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb ("9p: convert to the new mount API"), v9fs_apply_options() applies parsed mount flags with |= onto flags already set by… | ||
| CVE-2026-5892 | Med | 0.43 | 6.6 | 0.00 | Apr 8, 2026 | Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-2172 | Med | 0.43 | — | 0.07 | Jun 23, 2025 | Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames | ||
| CVE-2024-56187 | Med | 0.43 | 6.6 | 0.00 | Mar 10, 2025 | In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2023-20941 | Med | 0.43 | 6.6 | 0.00 | Apr 19, 2023 | In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:… | ||
| CVE-2021-30582 | Med | 0.43 | 6.5 | 0.05 | Aug 3, 2021 | Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2021-21141 | Med | 0.43 | 6.5 | 0.05 | Feb 9, 2021 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page. | ||
| CVE-2021-21139 | Med | 0.43 | 6.5 | 0.05 | Feb 9, 2021 | Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||
| CVE-2021-21137 | Med | 0.43 | 6.5 | 0.06 | Feb 9, 2021 | Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. | ||
| CVE-2021-21136 | Med | 0.43 | 6.5 | 0.04 | Feb 9, 2021 | Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||
| CVE-2021-21134 | Med | 0.43 | 6.5 | 0.05 | Feb 9, 2021 | Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page. | ||
| CVE-2021-21131 | Med | 0.43 | 6.5 | 0.08 | Feb 9, 2021 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | ||
| CVE-2021-21130 | Med | 0.43 | 6.5 | 0.05 | Feb 9, 2021 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | ||
| CVE-2021-21129 | Med | 0.43 | 6.5 | 0.05 | Feb 9, 2021 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | ||
| CVE-2021-21126 | Med | 0.43 | 6.5 | 0.09 | Feb 9, 2021 | Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. | ||
| CVE-2021-21123 | Med | 0.43 | 6.5 | 0.10 | Feb 9, 2021 | Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | ||
| CVE-2020-6514 | Med | 0.43 | 6.5 | 0.08 | Jul 22, 2020 | Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. | ||
| CVE-2019-7090 | Med | 0.43 | 6.5 | 0.05 | May 24, 2019 | Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful… | ||
| CVE-2019-5798 | Med | 0.43 | 6.5 | 0.03 | May 23, 2019 | Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||
| CVE-2017-5124 | Med | 0.43 | 6.1 | 0.05 | Feb 7, 2018 | Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. | ||
| CVE-2015-6643 | Med | 0.43 | 6.6 | 0.00 | Jan 6, 2016 | Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269. | ||
| CVE-2026-12026 | Med | 0.42 | 6.5 | 0.00 | Jun 11, 2026 | Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-12024 | Med | 0.42 | 6.5 | 0.00 | Jun 11, 2026 | Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11658 | Med | 0.42 | 6.5 | 0.00 | Jun 9, 2026 | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-11653 | Med | 0.42 | 6.5 | 0.00 | Jun 9, 2026 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-46306 | Hig | 0.42 | 7.5 | 0.00 | Jun 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: flow_dissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE… | ||
| CVE-2026-11299 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11289 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11288 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11287 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11284 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11283 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Low) | ||
| CVE-2026-11278 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11275 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Inappropriate implementation in Page Info in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11271 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11270 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Inappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11268 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11263 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Insufficient policy enforcement in WebAuthentication in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11258 | Med | 0.42 | 6.5 | 0.00 | Jun 5, 2026 | Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11227 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low) | ||
| CVE-2026-11226 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11225 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low) | ||
| CVE-2026-11223 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2026-11222 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2026 | Incorrect security UI in Tab Strip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) |
- risk 0.44cvss 6.8epss 0.00
providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug…
- risk 0.44cvss 6.8epss 0.00
server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884.
- risk 0.44cvss 7.8epss 0.00
arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android…
- risk 0.44cvss 7.8epss 0.01
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal…
- risk 0.44cvss 7.8epss 0.01
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug…
- risk 0.44cvss 6.8epss 0.00
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the…
- risk 0.43cvss 7.7epss 0.00
In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb ("9p: convert to the new mount API"), v9fs_apply_options() applies parsed mount flags with |= onto flags already set by…
- risk 0.43cvss 6.6epss 0.00
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.43cvss —epss 0.07
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames
- risk 0.43cvss 6.6epss 0.00
In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
- risk 0.43cvss 6.6epss 0.00
In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:…
- risk 0.43cvss 6.5epss 0.05
Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.05
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.05
Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.06
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.04
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.05
Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.08
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.05
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.05
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.09
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.
- risk 0.43cvss 6.5epss 0.10
Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
- risk 0.43cvss 6.5epss 0.08
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
- risk 0.43cvss 6.5epss 0.05
Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful…
- risk 0.43cvss 6.5epss 0.03
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- risk 0.43cvss 6.1epss 0.05
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
- risk 0.43cvss 6.6epss 0.00
Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.
- risk 0.42cvss 6.5epss 0.00
Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
- risk 0.42cvss 6.5epss 0.00
Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)
- risk 0.42cvss 6.5epss 0.00
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
- risk 0.42cvss 7.5epss 0.00
In the Linux kernel, the following vulnerability has been resolved: flow_dissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE…
- risk 0.42cvss 6.5epss 0.00
Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Page Info in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Insufficient policy enforcement in WebAuthentication in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
- risk 0.42cvss 6.5epss 0.00
Incorrect security UI in Tab Strip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Page 119 of 229