Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.
Max CVSS
3.3
EPSS Score
0.04%
Published
2017-10-27
Updated
2022-04-06
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.
Max CVSS
3.3
EPSS Score
0.04%
Published
2019-12-10
Updated
2023-02-15
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.
Max CVSS
3.1
EPSS Score
0.39%
Published
2016-09-11
Updated
2018-10-30
Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low)
Max CVSS
3.1
EPSS Score
0.05%
Published
2023-07-29
Updated
2023-08-12
4 vulnerabilities found