Chromium: CVE-2026-11129 Inappropriate implementation in Extensions

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

PT-2026-46555

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Extensions allows an attacker to bypass navigation restrictions. This occurs when a user is convinced to install a crafted malicious extension...

CVE-2025-13632

Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: High...

EUVD-2025-6073

Malicious code in bioql PyPI...

CVE-2025-27645

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005...

CVE-2025-27645

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005...

CVE-2025-27645

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005...

CVE-2025-27645

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005...

CVE-2025-27645

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 and Application 20.0.2368 allows insecure extension installation by trusting HTTP permission methods on the server side. This vulnerability, CVE-2025-27645, is reported with a CVSS v3.1 base score of 9.8 (NETWORK, HIGH im...

Vasion Print 安全漏洞

Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print that stems from a server-side trust HTTP permission method leading to insecure extension installation...

CVE-2024-10229

Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. Chromium security severity: High...

DEBIAN-CVE-2024-8035

Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2024-3844

Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

CVE-2022-2164

Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page...

CVE-2022-2164

CVE-2022-2164 is an issue in Google Chrome’s Extensions API (pre-103.0.5060.53) where an attacker could bypass discretionary access control via a crafted HTML page if the user installs a malicious extension. Affected software: Chrome (Extensions API). Root cause: inappropriate implementation in t...

CVE-2022-1868

Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page...

CVE-2022-1862

Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page...

CVE-2022-1137

Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page...

Microsoft FrontPage Insecure Extension Configuration

An information disclosure vulnerability is present on the remote server due to exposure of Microsoft FrontPage extensions configuration files in the vtipvt directory. No source data...

CVE-2020-15271

In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...