Incorrect Authorization

Overview chrome-devtools-frontend is a Chrome DevTools UI Affected versions of this package are vulnerable to Incorrect Authorization via insufficient enforcement of navigation policies in the DevTools process. An attacker can access restricted resources or perform unauthorized navigation by...

@arikdpc/chrome-devtools-mcp (>=0.12.1 <=0.12.4), @bachstudio/chrome-devtools-mcp (=0.10.3) +5 more potentially affected by CVE-2026-3941 via chrome-devtools-frontend (>=1.0.1532884 <=1.0.1555430)

chrome-devtools-frontend NPM version =1.0.1532884, =0.12.1, =1.0.2, =0.12.2, =0.3.17, =0.3.17, =0.3.22 Source cves: CVE-2026-3941 Source advisory: SNYK:JS-CHROMEDEVTOOLSFRONTEND-15467463...

Access Control Bypass

Overview chrome-devtools-frontend is a Chrome DevTools UI Affected versions of this package are vulnerable to Access Control Bypass due to insufficient Content Security Policy enforcement in the Network.loadNetworkResource method of the DevTools protocol network handler. An attacker can exfiltrat...

Improper Neutralization

Overview chrome-devtools-frontend is a Chrome DevTools UI Affected versions of this package are vulnerable to Improper Neutralization due to insufficient sanitization of special whitespace characters in the escapeStringWin function. An attacker can execute arbitrary code by crafting malicious inp...

UBUNTU-CVE-2016-1699

WebKit/Source/devtools/frontend/devtools.js in the Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to...

Google Chrome DevTools Subsystem Access Restriction Bypass Vulnerability

Google Chrome is a web browsing tool developed by Google. A security vulnerability exists in Google Chrome prior to version 48.0.2564.109 due to the DevTools subsystem failing to validate the URL scheme and ensure that the remoteBase parameter is associated with the...