Google Chrome < 114.0.5735.90 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 114.0.5735.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 202305stable-channel-update-for-desktop30 advisory. - Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remot...

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 16 security fixes: 1410191 High CVE-2023-2929: Out of bounds write in Swiftshader. Reported by Jaehun Jeong@n3sk of Theori on 2023-01-25 1443401 High CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08 1444238 High...

Authentication Bypass

Google Chrome is vulnerable to Authentication Bypass. The vulnerability exists due to the insufficient policy enforcement in Extensions API, which allows an attacker to bypass navigation restrictions via a crafted Chrome Extension...

Chromium: CVE-2023-1221 Insufficient policy enforcement in Extensions API

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

KLA48544 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Policy enforcement...

Google Chrome Security Updates (stable-channel-update-for-desktop-2023-03) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 40 security fixes: 1411210 High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong@n3sk of Theori on 2023-01-30 1412487 High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03 1417176...

CVE-2023-1221

Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2023-1221

Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...

Code injection

Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...

UBUNTU-CVE-2023-1221

Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2023-1221

Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2023-1221

The CVE-2023-1221 entry describes a Chromium-based issue in Google Chrome’s Extensions API: insufficient policy enforcement allowed a user-assisted attacker to bypass navigation restrictions via a crafted extension in Chrome prior to 111.0.5563.64. Affected software is Google Chrome/Chromium with...

CVE-2023-1221

Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...

SUSE CVE-2015-1297

The WebRequest API implementation in extensions/browser/api/webrequest/webrequestapi.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted 1 app or 2...

SUSE CVE-2016-5218

The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox URL bar via a crafted HTML page containing PDF data...

SUSE CVE-2018-6176

Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension...

SUSE CVE-2021-30610

Chromium: CVE-2021-30610 Use after free in Extensions API...

SUSE CVE-2022-1488

Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension...

SUSE CVE-2022-1868

Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page...