Lucene search
K

35 matches found

Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.10 views

PT-2026-46639

Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Chromoting allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted...

9.6CVSS5.9AI score0.00985EPSS
Exploits0References434
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.12 views

PT-2026-38155

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient policy enforcement in DirectSockets allows a remote attacker to perform arbitrary read and write operations through the use of a crafted Chrome Extension. Recommendations...

9.6CVSS6AI score0.00344EPSS
Exploits0References135
OpenVAS
OpenVAS
added 2025/03/24 12:0 a.m.21 views

Microsoft Edge (Chromium-Based) Use After Free Vulnerability (Mar 2025)

Microsoft Edge Chromium-Based is prone to an use after free vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8CVSS7.3AI score0.00791EPSS
Exploits0References2
OSV
OSV
added 2025/03/05 4:15 a.m.19 views

CVE-2025-1915

Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. Chromium security severity: Mediu...

8.1CVSS6.7AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/11 8:58 p.m.23 views

CVE-2024-5836

Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: High...

7.3AI score0.00491EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2024/01/24 12:15 a.m.38 views

CVE-2024-0810

Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...

4.3CVSS5.9AI score0.0035EPSS
Exploits0References3
NVD
NVD
added 2023/10/11 11:15 p.m.22 views

CVE-2023-5487

Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...

6.5CVSS6.7AI score0.00635EPSS
Exploits0References8
OSV
OSV
added 2023/10/11 11:15 p.m.12 views

CVE-2023-5487

Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...

6.5CVSS5.4AI score
Exploits0References8
UbuntuCve
UbuntuCve
added 2023/08/03 12:0 a.m.31 views

CVE-2023-4077

Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...

8.8CVSS7.2AI score0.00923EPSS
Exploits0References3
Veracode
Veracode
added 2023/03/18 1:47 p.m.33 views

Authentication Bypass

Google Chrome is vulnerable to Authentication Bypass. The vulnerability exists due to the insufficient policy enforcement in Extensions API, which allows an attacker to bypass navigation restrictions via a crafted Chrome Extension...

4.3CVSS6.1AI score0.00332EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2022/12/10 1:7 p.m.22 views

Denial Of Service (DoS)

Google Chrome is vulnerable to denial of service. The vulnerability exists in the Mojo component, allowing an attacker to convince a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

8.8CVSS8.2AI score0.00473EPSS
Exploits0References6Affected Software2
Veracode
Veracode
added 2022/11/16 10:29 p.m.23 views

Use After Free

chromium is vulnerable to use-after free. The vulnerability exists in Safe Browsing in Google Chrome which allows an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

8.8CVSS8.4AI score0.00411EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/07/27 10:15 p.m.15 views

CVE-2022-1856

Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction...

8.8CVSS9.5AI score
Exploits0References3
Debian CVE
Debian CVE
added 2022/07/27 9:18 p.m.51 views

CVE-2022-1865

Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction...

8.8CVSS9.6AI score0.00475EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2022/07/25 2:15 p.m.34 views

CVE-2022-1312

Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...

9.6CVSS6.9AI score0.0052EPSS
Exploits1References1
Veracode
Veracode
added 2022/04/17 9:57 a.m.22 views

Use-After-Free

chromium is vulnerable to use-after-free. A remote attacker who is able to convince a user to install a malicious extension has the potential to perform a sandbox escape on via the crafted Chrome Extension...

9.6CVSS3.2AI score0.0052EPSS
Exploits1References4Affected Software2
NVD
NVD
added 2022/04/05 1:15 a.m.18 views

CVE-2022-0798

Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

8.8CVSS0.00664EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/04/05 1:15 a.m.31 views

CVE-2022-0798

Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

8.8CVSS7.2AI score0.00664EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2022/04/05 1:15 a.m.38 views

CVE-2022-0793

Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension...

8.8CVSS7.2AI score0.00737EPSS
Exploits1References2
NVD
NVD
added 2021/12/23 1:15 a.m.16 views

CVE-2021-4055

Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...

8.8CVSS0.01052EPSS
Exploits0References5
Rows per page
Query Builder