Design/Logic Flaw

Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-4365

CVE-2023-4365 is a Chrome/Chromium vulnerability due to an inappropriate implementation in Fullscreen. Root cause: Fullscreen handling allows a crafted HTML page to obfuscate the security UI. Affects Google Chrome/Chromium (and related Edge in some docs) prior to version 116.0.5845.96. Impact per...

CVE-2023-4365

Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-4363

Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-4363

CVE-2023-4363–Inappropriate implementation in WebShare in Google Chrome (Android) prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. Connected advisories confirm this CVE is tracked with Chromium updates; fixes are part of Chrome/Chromi...

CVE-2023-4361

CVE-2023-4361 concerns Google Chrome/Chromium Autofill on Android (pre-116.0.5845.96). The vulnerability is an inappropriate Autofill implementation that allows a remote attacker to bypass Autofill restrictions via a crafted HTML page, enabling potential unauthorized autofill actions. Affected so...

CVE-2023-4361

Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-4363

Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-4350

CVE-2023-4350 is an issue in Chromium-based Chrome on Android involving an inappropriate implementation in Fullscreen that could allow a remote attacker to spoof the Omnibox (URL bar) via a crafted HTML page. The vulnerability originates from the Fullscreen implementation and affects Android buil...

Google Chrome < 116.0.5845.96 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 116.0.5845.96. It is, therefore, affected by multiple vulnerabilities as referenced in the 202308stable-channel-update-for-desktop15 advisory. - Insufficient policy enforcement in Extensions API in Google Chrome prior t...

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 26 security fixes: 1448548 High CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L. on 2023-05-24 1458303 High CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang @Krace of VRI on 2023-06-27 1454817 Hi...

Google Chrome < 116.0.5845.96 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 116.0.5845.96. It is, therefore, affected by multiple vulnerabilities as referenced in the 202308stable-channel-update-for-desktop15 advisory. - Insufficient policy enforcement in Extensions API in Google Chrome prior to...

openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0216-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0216-1 advisory. - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page...

Authorization Bypass

chromium is vulnerable to Authorization Bypass. The vulnerability exists due to the inappropriate implementation in the prompts in the library, which allows an attacker to bypass permission restrictions via a crafted HTML page...

Microsoft Edge (Chromium) < 114.0.1823.106 / 115.0.1901.200 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.106 / 115.0.1901.200. It is, therefore, affected by multiple vulnerabilities as referenced in the August 7, 2023 advisory. - Microsoft Edge Chromium-based Security Feature Bypass Vulnerability CVE-2023-38157...

CVE-2022-4955

CVE-2022-4955 concerns Google Chrome before 108.0.5359.71, where an improper DevTools implementation could allow a user who installs a crafted extension via a malicious HTML page to bypass file access restrictions. The vulnerability stems from DevTools behavior and enables an attacker to exploit ...

CVE-2023-4078

Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...

Design/Logic Flaw

Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...

Google Chrome < 115.0.5790.170 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 115.0.5790.170. It is, therefore, affected by multiple vulnerabilities as referenced in the 202308stable-channel-update-for-desktop advisory. - Inappropriate implementation in Extensions in Google Chrome prior to...

Google Chrome < 115.0.5790.170 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 115.0.5790.170. It is, therefore, affected by multiple vulnerabilities as referenced in the 202308stable-channel-update-for-desktop advisory. - Inappropriate implementation in Extensions in Google Chrome prior to...