CVE-2018-6178

Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension...

CVE-2018-6151

Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension...

chromium-browser: Restrictions bypass in the debugger extension API

Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension...

FreeBSD : chromium -- vulnerability (36ff7a74-47b1-11e8-a7d6-54e1ad544088)

Google Chrome Releases reports : 62 security fixes in this release : - 826626 Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28 - 827492 Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30 - 813876 High...

chromium-browser: Heap-use-after-free in DevTools

An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page...

chromium-browser: Insufficient protection of remote debugging prototol in DevTools

A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server...

chromium-browser: Incorrect URL handling in DevTools

Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

CVE-2018-6101

A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server...

Directory Traversal

webkit-devtools-agent-frontend is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...

CVE-2017-15393

Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak...

CVE-2017-15393

Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak...

UBUNTU-CVE-2017-15393

Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak...

CVE-2017-15393

CVE-2017-15393 affects Chromium/Chromium-based browsers, describing an information disclosure (referrer leak) in the Devtools remote debugging feature prior to 62.0.3202.62. A remote attacker could obtain access to remote debugging functionality via a crafted HTML page, enabling potential exposur...

CVE-2017-15393

Removed by vendor...

chromium-browser: insufficient isolation of devtools from extensions

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension...

chromium-browser: insufficient isolation of devtools from extensions

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension...

chromium-browser: xss in devtools

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension...

chromium-browser: insufficient isolation of devtools from extensions

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension...

Google Chrome for Mac, Windows and Linux Security Bypass Vulnerability

Google Chrome for Mac, Windows and Linux is a web browser developed by Google, Inc. for the Mac, Windows and Linux platforms. A security vulnerability exists in versions of Google Chrome prior to 64.0.3282.119 for Windows, Mac and Linux platforms, which stems from the program's failure to...

Google Chrome for Mac, Windows and Linux Security Bypass Vulnerability (CNVD-2018-03636)

Google Chrome for Mac, Windows and Linux is a web browser developed by Google, Inc. for the Mac, Windows and Linux platforms. A security vulnerability exists in versions of Google Chrome prior to 64.0.3282.119 for Windows, Mac and Linux platforms, which stems from the program's failure to...