968 matches found
FreeBSD : chromium -- multiple vulnerabilities (f12368a8-1e05-11ed-a1ef-3065ec8fd3ec)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f12368a8-1e05-11ed-a1ef-3065ec8fd3ec advisory. - Use after free in FedCM. CVE-2022-2852 - Heap buffer overflow in Downloads. CVE-2022-2853 -...
Design/Logic Flaw
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2022-2611
CVE-2022-2611 : Concrete details across connected sources show an issue in the Fullscreen API in Google Chrome/Chromium where, on Android prior to 104.0.5112.79, a crafted HTML page can cause the Omnibox (URL bar) to be spoofed by a remote attacker. The affected software is Google Chrome (Android...
CVE-2022-2611
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Debian DSA-5201-1 : chromium - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5201 advisory. - Use after free in Omnibox. CVE-2022-2603 - Use after free in Safe Browsing. CVE-2022-2604 - Out of bounds read in Dawn. CVE-2022-2605 - Use after free in Manage...
CVE-2022-2164
Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page...
CVE-2022-2164
Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page...
CVE-2022-1497
Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page...
DEBIAN-CVE-2022-1488
Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension...
Design/Logic Flaw
Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Design/Logic Flaw
Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2022-1637
Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2022-1637
Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2022-1499
Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2022-1497
Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page...
CVE-2022-1482
CVE-2022-1482 : In Google Chrome, the WebGL implementation contained an inappropriate/unsafe handling that could allow a remote attacker to trigger heap corruption via a crafted HTML page. The vulnerability is associated with Chrome/WebGL prior to version 101.0.4951.41. Public advisories and rele...
Hardcoded credentials
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2022-1306
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2022-1137
Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page...
CVE-2022-1128
Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page...