15 matches found
Google Chrome WebRTC RTCStatsCollector out of bounds memory access vulnerability
Talos Vulnerability Report TALOS-2023-1693 Google Chrome WebRTC RTCStatsCollector out of bounds memory access vulnerability May 4, 2023 CVE Number CVE-2023-0698 SUMMARY An out-of-bounds memory access vulnerability exists in stats reporting functionality of the WebRTC implementation in Google Chro...
SUSE CVE-2023-0136
Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2023-0141
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
Google Chrome Security Update (stable-channel-update-for-desktop-2023-01) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
CVE-2023-0139
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2023-0136
Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2023-0139
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2023-0131
Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. Chromium security severity: Medium...
UBUNTU-CVE-2023-0139
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Chromium security severity: Low...
UBUNTU-CVE-2023-0132
Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. Chromium security severity: Medium...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in versions of Google Chrome prior to 109.0.5414.74, which stems from an improper implementation in its Fullscreen API that allows remote attackers to spoof the contents of the Omnibox URL bar v...
CVE-2023-0131
Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-0141
Conforms to CVE-2023-0141: Google Chrome/Chromium suffered from insufficient CORS policy enforcement, enabling a remote attacker to leak cross-origin data via a crafted HTML page. Affected versions were prior to 109.0.5414.74. The Chrome stable update 109.0.5414.74+ includes fixes; the release no...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that stems from an improperly implemented permission prompt, which can be exploited by a remote attacker to bypass the Primary Source Permission Delegation via a crafted HTML page, and affects the...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in versions of Google Chrome prior to 109.0.5414.74 that stems from its Overview mode where post-release reuse occurs allowing a remote attacker to convince a user that specific UI interactions...