289 matches found
CVE-2018-6113
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
CVE-2018-20069
Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page...
Google Chrome Omnibox URL Spoofing Vulnerability (CNVD-2018-24374)
Google Chrome is a web browser developed by Google, Inc. and Omnibox is a real-time search engine. A security vulnerability exists in Omnibox in iOS-based versions of Google Chrome prior to 70.0.3538.67, which stems from the program's failure to properly handle browsing history. A remote attacker...
Google Chrome Cross-Site Scripting Vulnerability (CNVD-2018-11493)
Google Chrome for iOS is an iOS-based web browser developed by Google. A cross-site scripting vulnerability exists in iOS-based versions of Google Chrome prior to 67.0.3396.62, which stems from the program failing to properly validate user-submitted input. A remote attacker can exploit this...
CVE-2018-6113
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
UBUNTU-CVE-2017-5085
Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark...
CVE-2016-5193
Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages...
CVE-2016-1707
ios/web/webstate/ui/crwwebcontroller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site...
CVE-2012-2899
Removed by vendor...