280 matches found
Code injection
Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-4368
CVE-2023-4368 : In Google Chrome/Chromium, insufficient policy enforcement in the Extensions API prior to 116.0.5845.96 allowed a user-wacched to install a malicious extension to bypass an enterprise policy via a crafted HTML page. The issue is described as a Medium severity in the Chromium advis...
CVE-2023-4367
Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-4368
Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-4367
CVE-2023-4367 affects Google Chrome/Chromium’s Extensions API. The vulnerability arises from insufficient policy enforcement, enabling a user who installs a crafted malicious extension to bypass enterprise policy. Public advisories and vendor updates reference Chrome/Chromium fixes in the 116.0.5...
CVE-2023-4367
Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. Chromium security severity: Medium...
PT-2023-4463 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 116.0.5845.96 Description: The issue is related to insufficient policy enforcement in the Extensions API of Google Chrome, allowing a remote attacker to install arbitrary extensions using a specially crafted HT...
PT-2023-4452 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 116.0.5845.96 Description: The issue is related to insufficient policy enforcement in the Extensions API of Google Chrome, allowing a remote attacker to bypass existing security restrictions. This can be achiev...
Microsoft Edge (Chromium-Based) Multiple Vulnerabilities-01 (Jun 2023)
This host is missing an important security update according to Microsoft Edge Chromium-Based updates. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0124-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0124-1 advisory. - Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via...
Chromium: CVE-2023-2941 Inappropriate implementation in Extensions API
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Google Chrome Security Bypass Vulnerability (CNVD-2023-46111)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 114.0.5735.90, which stems from a mal-implementation issue in the Extensions API module. An attacker could exploit this vulnerability to bypass security...
CVE-2023-2941
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2023-2941
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. Chromium security severity: Low...
DEBIAN-CVE-2023-2941
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. Chromium security severity: Low...
Information disclosure
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2023-2941
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2023-2941
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2023-2941
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. Chromium security severity: Low...
Google Chrome < 114.0.5735.91 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 114.0.5735.91. It is, therefore, affected by multiple vulnerabilities as referenced in the 202305stable-channel-update-for-desktop30 advisory. - Out of bounds write in Swiftshader. CVE-2023-2929 - Use after free in...