CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

UbuntuCve•added 2019/06/27 5:15 p.m.•17 views

CVE-2019-5838

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension...

4.3CVSS6.8AI score0.00448EPSS

OSV•added 2019/06/27 5:15 p.m.•0 views

UBUNTU-CVE-2018-6138

Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension...

8.1CVSS7.3AI score0.00067EPSS

Exploits0References3

Prion•added 2019/06/27 5:15 p.m.•15 views

Code injection

5.8CVSS7.8AI score0.00067EPSS

Prion•added 2019/06/27 5:15 p.m.•17 views

Input validation

4.3CVSS5.9AI score0.00103EPSS

Prion•added 2019/06/27 5:15 p.m.•13 views

Authorization

Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension...

4.6CVSS7.8AI score0.00085EPSS

UbuntuCve•added 2019/06/27 5:15 p.m.•23 views

CVE-2018-6138

8.1CVSS7.2AI score0.00067EPSS

OSV•added 2019/06/27 5:15 p.m.•0 views

UBUNTU-CVE-2018-16086

Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension...

5.4CVSS5.8AI score0.00083EPSS

Exploits0References3

Cvelist•added 2019/06/27 4:13 p.m.•14 views

CVE-2019-5838

5.3AI score0.00448EPSS

Exploits0References8

CVE•added 2019/06/27 4:13 p.m.•290 views

CVE-2019-5838

CVE-2019-5838 : Insufficient policy enforcement in Chrome extensions API allowed a user-went-through-a-malicious-extension attack to bypass file URI restrictions. Affected: Google Chrome/Chromium prior to 75.0.3770.80. Impact is that a crafted extension could enable access to file URIs that shoul...

4.3CVSS5.1AI score0.00448EPSS

Exploits0References8Affected Software1

Cvelist•added 2019/06/27 4:13 p.m.•16 views

CVE-2018-6176

7.6AI score0.00085EPSS

Debian CVE•added 2019/06/27 4:13 p.m.•18 views

CVE-2018-6176

Removed by vendor...

7.8CVSS8.8AI score0.00085EPSS

CVE•added 2019/06/27 4:13 p.m.•108 views

CVE-2018-6176

CVE-2018-6176 affects Google Chrome/Chromium: insufficient file-type enforcement in the Extensions API enables privilege escalation via a crafted extension when the renderer is compromised. Several advisories (Debian DSA, Gentoo GLSA, CNVD) confirm local privilege escalation via the Extensions me...

7.8CVSS7.5AI score0.00085EPSS

Debian CVE•added 2019/06/27 4:13 p.m.•25 views

CVE-2018-6138

Removed by vendor...

8.1CVSS8.9AI score0.00067EPSS

CVE•added 2019/06/27 4:13 p.m.•143 views

CVE-2018-6138

CVE-2018-6138 affects Google Chrome/Chromium extensions via insufficient policy enforcement in the Extensions API, enabling a user-assisted bypass of navigation restrictions by installing a malicious extension. Affected are versions prior to 67.0.3396.62; remediation per advisories is to upgrade ...

8.1CVSS5.8AI score0.00067EPSS

Cvelist•added 2019/06/27 4:13 p.m.•19 views

CVE-2018-6138

6AI score0.00067EPSS

CVE•added 2019/06/27 4:13 p.m.•117 views

CVE-2018-16064

CVE-2018-16064 concerns Google Chrome’s Extensions API. It states that insufficient data validation in the Extensions API, for Chrome versions prior to 68.0.3440.75, could let an attacker who tricks a user into installing a crafted extension bypass navigation restrictions. Affected: Google Chrome...

6.5CVSS6.5AI score0.00103EPSS

Debian CVE•added 2019/06/27 4:13 p.m.•25 views

CVE-2018-16086

Removed by vendor...

5.8CVSS7.6AI score0.00083EPSS

Debian CVE•added 2019/06/27 4:13 p.m.•23 views

CVE-2018-16064

Removed by vendor...

6.5CVSS7.9AI score0.00103EPSS