8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.0%
A vulnerability in the Picture-in-Picture (PiP) technology of the Google Chrome browser is related to errors in the presentation of
errors in the presentation of information by the user interface. Exploitation of the vulnerability could allow an attacker,
acting remotely, to conduct spoofing attacks
Autofill vulnerability in Google Chrome browser is related to incorrectly implemented security checks for standard elements.
security checks for standard elements. Exploitation of the vulnerability could allow an attacker,
acting remotely, to affect the integrity of protected information by downloading a specially crafted HTML page.
specially crafted HTML page
A vulnerability in the Payments component of the Google Chrome browser is related to incorrectly implemented security checks for standard elements.
security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions and security controls.
remotely bypass security restrictions and gain unauthorized access to protected information.
A vulnerability in the Downloads component of the Google Chrome browser is associated with incorrectly implemented security checks for standard elements.
security checks for standard elements. Exploitation of the vulnerability could allow an attacker,
acting remotely, to gain unauthorized access to protected information using a specially crafted malicious web page.
malicious web page
A vulnerability in the Blink History component of the Google Chrome browser is related to writing beyond buffer boundaries in the
memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute
arbitrary code
A vulnerability in the Reading Mode component of Google Chrome browser is related to memory usage after it has been freed.
memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to gain
unauthorized access to protected information using a specially crafted web page
A vulnerability in the full-screen mode implementation of the Google Chrome browser is related to an incorrectly implemented security check for standard elements.
security checks for standard elements. Exploitation of the vulnerability could allow an attacker,
acting remotely, to affect the integrity of protected information by installing a malicious extension.
extension
A vulnerability in the Profiles component of the Google Chrome browser is related to memory usage after it is released.
freeing. Exploitation of the vulnerability could allow a remote intruder to gain unauthorized access to protected information by installing a malicious extension.
unauthorized access to protected information using a specially crafted web page
A vulnerability in the Autofill feature of the Autofill function of the Google Chrome browser that allows an attacker to disclose
protected information
A vulnerability in the “Side Panel” control of the Google Chrome browser is related to the use of memory after its release.
memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker,
acting remotely, to gain unauthorized access to protected information by using a specially crafted web page.
specially crafted web page
A vulnerability in the Downloads component of the Google Chrome browser is related to errors in the presentation of user interface information.
information presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker,
acting remotely, to conduct spoofing attacks
Vulnerability in the Downloads component of Google Chrome browser is related to incorrectly implemented security checks for standard elements.
security checks for standard elements. Exploitation of the vulnerability could allow an attacker,
acting remotely, to gain unauthorized access to protected information through a specially designed web page.
specially crafted web page
A vulnerability in the Navigation component of the Google Chrome browser is related to errors in the presentation of information
user interface. Exploitation of the vulnerability could allow an attacker acting remotely,
Spoofing attacks using a specially crafted HTML page
A vulnerability in the USB peripheral connection interface of the Google Chrome browser is related to the following
insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code.
remotely execute arbitrary code using a specially crafted web page.
A vulnerability in the Cast component of the Google Chrome browser is related to memory usage after it has been freed.
Exploitation of the vulnerability could allow an attacker acting remotely to compromise the process of
rendering process using a specially crafted HTML page
A vulnerability in the Downloads component of the Google Chrome browser is related to an incorrectly implemented security check for standard elements.
security checks for standard elements. Exploitation of the vulnerability could allow an attacker,
acting remotely, to conduct a spoofing attack
A vulnerability in the Intents feature of Google Chrome browser is related to incorrectly implemented security checks for standard elements.
standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to bypass
existing access restrictions
Vulnerability in Extensions API component of Microsoft Edge and Google Chrome browser is related to incorrect security checks for standard elements.
security checks for standard elements. Exploitation of the vulnerability could allow an attacker,
acting remotely, to gain unauthorized access to protected information using a specially created HTML page.
specially crafted HTML page
A vulnerability in the Profiles component of Google Chrome and Microsoft Edge browsers is related to memory utilization
after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely,
execute arbitrary code or cause a denial of service using a specially crafted HTML page
A vulnerability in the Printing component of the Google Chrome browser is related to memory usage after it has been freed.
freeing. Exploitation of the vulnerability could allow an attacker acting remotely to gain
unauthorized access to protected information using a specially crafted web page
Vulnerability in PDFium component of Google Chrome browser is related to buffer overflow. Exploitation
vulnerability could allow a remote attacker to execute arbitrary code using a specially crafted PDF file.
specially crafted PDF file
Vulnerability in the Input component of Google Chrome browser is related to incorrectly implemented security checks for standard elements.
security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the Input component of the Google Chrome browser.
remotely spoofing attacks using a specially crafted HTML page.
A vulnerability in the WebApp Provider component of Google Chrome browser is associated with incorrectly implemented security checks for standard elements.
security checks for standard elements. Exploitation of the vulnerability could allow an attacker,
acting remotely, to gain unauthorized access to protected information through the use of specially
malicious HTML pages created on purpose
A vulnerability in the DevTools web development toolkit for Microsoft Edge and Google Chrome browsers
is related to a buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary malicious HTML pages.
remotely execute arbitrary code using a specially crafted PDF file.
Vulnerability in the Site Isolation component of Google Chrome browser is related to memory usage after it is released.
freeing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted PDF file.
arbitrary code using a specially crafted HTML page
A vulnerability in the Installer component of the Google Chrome browser is related to incorrectly implemented security checks for standard elements.
security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions.
remotely bypass existing security restrictions using a specially crafted HTML page.
A vulnerability in the web application test automation software tool chromedriver exists
due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow
an attacker acting remotely to affect confidentiality, integrity and availability of protected information.
of protected information
A vulnerability in the USB peripheral connection interface of the Google Chrome browser is related to
operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker,
acting remotely, to execute arbitrary code using a specially crafted web page
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.0%