CVE-2020-16040

Public exploit
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
6.5
EPSS Score
24.38%
Published
2021-01-08
Updated
2021-07-21

CVE-2019-5825

Known exploited
Public exploit
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
6.5
EPSS Score
67.17%
Published
2019-11-25
Updated
2022-10-07
CISA KEV Added
2022-06-08

CVE-2019-5786

Known exploited
Public exploit
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Max CVSS
6.5
EPSS Score
97.22%
Published
2019-06-27
Updated
2024-02-15
CISA KEV Added
2022-05-23
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.08%
Published
2024-01-24
Updated
2024-01-29
Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)
Max CVSS
6.5
EPSS Score
0.10%
Published
2023-12-06
Updated
2024-02-15
Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.09%
Published
2023-10-11
Updated
2024-01-31
Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.15%
Published
2023-10-11
Updated
2024-01-31
Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.13%
Published
2023-10-11
Updated
2024-01-31
Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.13%
Published
2023-10-11
Updated
2024-01-31
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)
Max CVSS
6.1
EPSS Score
0.10%
Published
2023-11-01
Updated
2024-01-31
Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-10-11
Updated
2024-01-31
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.08%
Published
2023-10-11
Updated
2024-01-31
Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Max CVSS
6.3
EPSS Score
0.14%
Published
2023-10-11
Updated
2024-01-31
Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
Max CVSS
6.5
EPSS Score
0.15%
Published
2023-09-05
Updated
2024-01-31
Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.06%
Published
2023-08-15
Updated
2024-01-31
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
Max CVSS
6.5
EPSS Score
0.11%
Published
2023-08-15
Updated
2024-01-31
Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High)
Max CVSS
6.8
EPSS Score
0.05%
Published
2023-12-20
Updated
2024-01-04
Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)
Max CVSS
6.3
EPSS Score
0.06%
Published
2023-08-01
Updated
2023-08-15
Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-05-30
Updated
2024-01-31
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.17%
Published
2023-05-03
Updated
2023-10-20
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Max CVSS
6.5
EPSS Score
0.09%
Published
2023-07-29
Updated
2023-08-10
Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
Max CVSS
6.5
EPSS Score
0.09%
Published
2023-07-29
Updated
2023-08-10
Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Max CVSS
6.5
EPSS Score
0.13%
Published
2023-04-04
Updated
2023-10-20
Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Max CVSS
6.5
EPSS Score
0.13%
Published
2023-04-04
Updated
2023-10-20
Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Max CVSS
6.5
EPSS Score
0.10%
Published
2023-04-04
Updated
2023-10-20
757 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!