299 matches found
CVE-2026-0061
In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в chromium
Inappropriate implementation in permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в chromium
Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. Chromium security severity: Medium...
Astra Linux - уязвимость в firefox
It was possible to prevent a user from exiting PointerLock by pressing Escape, and to overlay customValidity notifications from a element over certain permission prompts. This could be used to confuse a user into giving unintended permissions to the site. This vulnerability affects Firefox 128 an...
Astra Linux - уязвимость в chromium
In the “Permission Prompts” feature of Google Chrome before version 101.0.4951.64, it was possible for a remote attacker to convince a user to perform certain UI interactions, thereby potentially exploiting heap corruption through those interactions...
Astra Linux - уязвимость в firefox, thunderbird
If a user installed an extension of a particular type, the extension might automatically update itself. During this process, it could bypass the prompt that grants the new version the newly requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...
Astra Linux - уязвимость в firefox, thunderbird
After requesting multiple permissions and closing the first permission panel, subsequent permission panels will be displayed in a different position, but still record a click at the default location. This allows users to be tricked into accepting permissions they do not want to grant. This bug on...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в firefox
The timing of a button click that causes a pop-up to disappear was approximately the same duration as the delay in permission prompts to prevent clickjacking attacks. This fact could be used to surprise users by forcing them to click where the permission grant button was about to appear. This...
Astra Linux - уязвимость в firefox, thunderbird
The truncation of a long URL could have allowed for origin spoofing in a permission prompt. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
JLSEC-2026-100 Deno is vulnerable to race condition via interactive permission prompt spoofing
Impact Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message li...
EUVD-2018-7936
Malware in sbrugna...
EUVD-2017-14218
Malware in sbrugna...
EUVD-2025-6099
Malicious code in bioql PyPI...
EUVD-2023-12222
Malicious code in bioql PyPI...
EUVD-2023-23508
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-6867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The timing of a button click causing a popup to disappear was approximately the same length as the anti- clickjacking delay on permission prompts. It was possib...