290 matches found
CVE-2018-6176
Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension...
CVE-2018-6176
Removed by vendor...
CVE-2018-6176
CVE-2018-6176 affects Google Chrome/Chromium: insufficient file-type enforcement in the Extensions API enables privilege escalation via a crafted extension when the renderer is compromised. Several advisories (Debian DSA, Gentoo GLSA, CNVD) confirm local privilege escalation via the Extensions me...
CVE-2018-6138
Removed by vendor...
CVE-2018-6138
CVE-2018-6138 affects Google Chrome/Chromium extensions via insufficient policy enforcement in the Extensions API, enabling a user-assisted bypass of navigation restrictions by installing a malicious extension. Affected are versions prior to 67.0.3396.62; remediation per advisories is to upgrade ...
CVE-2018-6138
Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension...
CVE-2018-16064
CVE-2018-16064 concerns Google Chrome’s Extensions API. It states that insufficient data validation in the Extensions API, for Chrome versions prior to 68.0.3440.75, could let an attacker who tricks a user into installing a crafted extension bypass navigation restrictions. Affected: Google Chrome...
CVE-2018-16086
Removed by vendor...
CVE-2018-16064
Removed by vendor...
chromium-browser: Local user privilege escalation in Extensions
Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension...
CVE-2018-6176
Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension...
CVE-2018-6138
Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension...
CVE-2016-5201
A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page...
CVE-2016-5218
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox URL bar via a crafted HTML page containing PDF data...
Design/Logic Flaw
A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page...
CVE-2016-5218
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox URL bar via a crafted HTML page containing PDF data...
Design/Logic Flaw
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page...
UBUNTU-CVE-2016-5217
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page...
CVE-2016-5218
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox URL bar via a crafted HTML page containing PDF data...
UBUNTU-CVE-2016-5218
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox URL bar via a crafted HTML page containing PDF data...