CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2011-3014

Malware in sbrugna...

10CVSS9.3AI score0.02472EPSS

Exploits0References19

Prion•added 2016/09/25 8:59 p.m.•24 views

Design/Logic Flaw

The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect...

6.8CVSS6.6AI score0.00749EPSS

Exploits0References10Affected Software1

Debian CVE•added 2016/09/25 8:0 p.m.•30 views

CVE-2016-5173

Removed by vendor...

7.1CVSS8.2AI score0.00749EPSS

Exploits0

RedhatCVE•added 2016/09/14 7:19 a.m.•22 views

CVE-2016-5173

7.1CVSS5.8AI score0.00749EPSS

Exploits0References2

NVD•added 2016/09/11 10:59 a.m.•14 views

CVE-2016-5149

The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a...

8.8CVSS8.6AI score0.01312EPSS

Exploits0References12

UbuntuCve•added 2016/09/11 10:59 a.m.•18 views

CVE-2016-5149

8.8CVSS7.2AI score0.01312EPSS

Exploits0References2

Prion•added 2016/09/11 10:59 a.m.•15 views

Code injection

6.8CVSS6.8AI score0.01312EPSS

Exploits0References12Affected Software2

CNVD•added 2016/06/06 12:0 a.m.•3 views

Google Chrome Extension Subsystem Homology Policy Bypass Vulnerability

Google Chrome is a web browsing tool developed by Google. In versions prior to Google Chrome 51.0.2704.79, the extension subsystem does not properly restrict bound access and a same-origin policy bypass vulnerability exists, which can be exploited by remote attackers to bypass the same-origin...

8.8CVSS9.1AI score0.01453EPSS

Exploits0References1

CVE•added 2016/04/18 10:0 a.m.•85 views

CVE-2016-1658

CVE-2016-1658 affects Google Chrome’s Extensions subsystem, where GetOrigin-based origin comparisons could allow a malicious extension to access sensitive information and leak data across origins. The vulnerability is tied to how file: URL origins were handled, enabling potential leakage via exte...

4.3CVSS5.6AI score0.00723EPSS

Exploits0References10Affected Software2

Cvelist•added 2016/02/14 2:0 a.m.•21 views

CVE-2016-1622

The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...

8.3AI score0.01496EPSS

Exploits0References10

Prion•added 2012/03/09 12:55 a.m.•22 views

Design/Logic Flaw

The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS UXSS" issue...

10CVSS6.8AI score0.02472EPSS

Exploits0References17Affected Software4

CVE•added 2012/03/09 12:0 a.m.•78 views

CVE-2011-3046

CVE-2011-3046 affects Google Chrome’s extension subsystem prior to 17.0.963.78, where history navigation handling enables a Universal XSS (UXSS) that could allow remote code execution. Connected sources corroborate the vulnerability in Chrome/Chromium (UXSS and bad history navigation) and note pa...

10CVSS6.3AI score0.02472EPSS

Exploits0References17Affected Software1

UbuntuCve•added 2012/03/08 12:0 a.m.•22 views

CVE-2011-3046

10CVSS7.4AI score0.02472EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by