Vendor CVEs

Google

All CVEs

11,367 total · sorted by risk
  • CVE-2025-0996 · Med · Feb 15, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0445 · Med · Feb 4, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-33231 · Med · Nov 18, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component.

  • CVE-2024-10486 · Med · Nov 18, 2024
    risk 0.35 · cvss 5.3 · epss 0.01

    The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information…

  • CVE-2024-1672 · Med · Feb 21, 2024
    risk 0.35 · cvss 5.4 · epss 0.01

    Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-4361 · Med · Aug 15, 2023
    risk 0.35 · cvss 5.3 · epss 0.01

    Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2023-4359 · Med · Aug 15, 2023
    risk 0.35 · cvss 5.3 · epss 0.01

    Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2022-4910 · Med · Jul 29, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2021-21200 · Med · Jan 2, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)

  • CVE-2022-3201 · Med · Sep 26, 2022
    risk 0.35 · cvss 5.4 · epss 0.01

    Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)

  • CVE-2021-22570 · Med · Jan 26, 2022
    risk 0.35 · cvss 6.5 · epss 0.03

    Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We…

  • CVE-2021-37958 · Med · Oct 8, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.

  • CVE-2021-30539 · Med · Jun 7, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2020-0279 · Med · Sep 17, 2020
    risk 0.35 · cvss 6.5 · epss 0.01

    In the AAC parser, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID:…

  • CVE-2020-0119 · Med · Jun 10, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction…

  • CVE-2020-8910 · Med · Mar 26, 2020
    risk 0.35 · cvss 6.5 · epss 0.01

    A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your library to version v20200315.

  • CVE-2020-6425 · Med · Mar 23, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension.

  • CVE-2020-6412 · Med · Feb 11, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2020-6411 · Med · Feb 11, 2020
    risk 0.35 · cvss 5.4 · epss 0.01

    Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2020-6394 · Med · Feb 11, 2020
    risk 0.35 · cvss 5.4 · epss 0.02

    Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2014-9908 · Med · Jan 8, 2020
    risk 0.35 · cvss 6.5 · epss 0.00

    A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooth access (Android Bug ID A-28672558).

  • CVE-2019-13711 · Med · Nov 25, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-13684 · Med · Nov 25, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-13680 · Med · Nov 25, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.

  • CVE-2019-13660 · Med · Nov 25, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.

  • CVE-2019-9283 · Med · Sep 27, 2019
    risk 0.35 · cvss 6.5 · epss 0.01

    In AAC Codec, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID:…

  • CVE-2019-5823 · Med · Jun 27, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2018-16086 · Med · Jun 27, 2019
    risk 0.35 · cvss 5.4 · epss 0.00

    Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

  • CVE-2018-16075 · Med · Jun 27, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page.

  • CVE-2018-6110 · Med · Jan 9, 2019
    risk 0.35 · cvss 5.4 · epss 0.01

    Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.

  • CVE-2018-16079 · Med · Jan 9, 2019
    risk 0.35 · cvss 5.3 · epss 0.01

    A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2017-15423 · Med · Aug 28, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.

  • CVE-2017-15417 · Med · Aug 28, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2017-5107 · Med · Oct 27, 2017
    risk 0.35 · cvss 5.3 · epss 0.02

    A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page.

  • CVE-2017-5061 · Med · Oct 27, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2016-5186 · Med · Dec 18, 2016
    risk 0.35 · cvss 5.3 · epss 0.01

    Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.

  • CVE-2016-5133 · Med · Jul 23, 2016
    risk 0.35 · cvss 5.3 · epss 0.01

    Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.

  • CVE-2016-1694 · Med · Jun 5, 2016
    risk 0.35 · cvss 5.3 · epss 0.01

    browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority.

  • CVE-2016-1693 · Med · Jun 5, 2016
    risk 0.35 · cvss 5.3 · epss 0.01

    browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack…

  • CVE-2016-1692 · Med · Jun 5, 2016
    risk 0.35 · cvss 5.3 · epss 0.01

    WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same…

  • CVE-2016-1670 · Med · May 14, 2016
    risk 0.35 · cvss 5.3 · epss 0.01

    Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing…

  • CVE-2016-0824 · Med · Mar 12, 2016
    risk 0.35 · cvss 5.3 · epss 0.01

    libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal…

  • CVE-2016-2845 · Med · Mar 6, 2016
    risk 0.35 · cvss 5.3 · epss 0.02

    The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading…

  • CVE-2016-1940 · Med · Jan 31, 2016
    risk 0.35 · cvss 5.3 · epss 0.01

    Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.

  • CVE-2015-4000 · Low · May 21, 2015
    risk 0.35 · cvss 3.7 · epss 1.00

    The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by…

  • CVE-2026-12033 · Med · Jun 11, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-12025 · Med · Jun 11, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-12015 · Med · Jun 11, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11696 · Med · Jun 9, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11678 · Med · Jun 9, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
