33 matches found
Google Chrome Resource Management Error Vulnerability (CNVD-2020-00998)
Google Chrome is a web browser from Google, an American company. A resource management error vulnerability exists in versions of Google Chrome prior to 77.0.3865.75, which can be exploited by remote attackers to cause heap corruption with the help of specially crafted HTML pages...
DEBIAN-CVE-2019-5881
Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
DEBIAN-CVE-2019-13681
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page...
DEBIAN-CVE-2019-13673
Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
DEBIAN-CVE-2019-13669
Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
DEBIAN-CVE-2019-13667
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2019-13660
UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page...
Code injection
IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...
UBUNTU-CVE-2019-13667
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
UBUNTU-CVE-2019-13677
Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page...
UBUNTU-CVE-2019-13678
Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
UBUNTU-CVE-2019-5872
Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2019-5876
Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2019-13681
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page...
chromium-browser: Site isolation bypass
Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
chromium-browser: Extensions can be disabled by trailing slash
Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page...
chromium-browser: Google URI shown for certificate warning
Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
chromium-browser: IP address spoofing to servers
Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections...
chromium-browser: External URIs may trigger other browsers
Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
chromium-browser: SameSite cookie bypass
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...