9 matches found
EUVD-2017-14130
Malware in sbrugna...
CVE-2022-1136
Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures...
Design/Logic Flaw
Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-30520
Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-21143
Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension...
MGASA-2020-0352 Updated thunderbird packages fix security vulnerabilities
By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...
Design/Logic Flaw
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...
CVE-2017-5389
WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user...
The vulnerability of Google Chrome allows a hacker to install a malicious extension.
The vulnerability of Google Chrome’s DevTools URLs component is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to install a malicious extension and gain access to file readings through a specially crafted HTML page...