14 matches found
PT-2026-46770
Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
CVE-2026-8522
Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-8565
CVE-2026-8565 affects Google Chrome on macOS. The issue is an inappropriate implementation in the Downloads component that, before version 148.0.7778.168, could allow an attacker who persuades a user to install a malicious Chrome Extension to perform UI spoofing via that extension. The vulnerabil...
EUVD-2026-30384
Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
PT-2026-41094
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.168 Description An inappropriate implementation in Downloads allows an attacker to perform UI spoofing via a crafted Chrome Extension, provided they can convince a user to install a malicious...
EUVD-2026-20701
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2025-13634
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. Chromium security severity: Medium...
EUVD-2025-200315
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2025-9867
Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2023-5857
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. Chromium security severity: Medium...
CVE-2016-1771
The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site...
CVE-2016-1771
The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site...
CVE-2016-1771
CVE-2016-1771 affects Apple Safari’s Downloads feature prior to 9.1. The vulnerability is caused by insufficient validation during file expansion, allowing a crafted web page to trigger a denial of service. Affected product is Safari (pre-9.1) on macOS; impact is denial of service via remote site...
CVE-2016-1771
The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site...