35 matches found
PT-2026-46639
Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Chromoting allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted...
PT-2026-38155
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient policy enforcement in DirectSockets allows a remote attacker to perform arbitrary read and write operations through the use of a crafted Chrome Extension. Recommendations...
Microsoft Edge (Chromium-Based) Use After Free Vulnerability (Mar 2025)
Microsoft Edge Chromium-Based is prone to an use after free vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-1915
Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. Chromium security severity: Mediu...
CVE-2024-5836
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: High...
CVE-2024-0810
Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2023-5487
Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2023-5487
Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2023-4077
Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...
Authentication Bypass
Google Chrome is vulnerable to Authentication Bypass. The vulnerability exists due to the insufficient policy enforcement in Extensions API, which allows an attacker to bypass navigation restrictions via a crafted Chrome Extension...
Denial Of Service (DoS)
Google Chrome is vulnerable to denial of service. The vulnerability exists in the Mojo component, allowing an attacker to convince a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...
Use After Free
chromium is vulnerable to use-after free. The vulnerability exists in Safe Browsing in Google Chrome which allows an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...
CVE-2022-1856
Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction...
CVE-2022-1865
Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction...
CVE-2022-1312
Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...
Use-After-Free
chromium is vulnerable to use-after-free. A remote attacker who is able to convince a user to install a malicious extension has the potential to perform a sandbox escape on via the crafted Chrome Extension...
CVE-2022-0798
Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...
CVE-2022-0798
Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...
CVE-2022-0793
Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension...
CVE-2021-4055
Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...