Chrome Security Vulnerabilities - CVSS Score 3 - 4

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then ...

3.7 CVSS

4.8 AI Score

0.974 EPSS

2015-05-21 12:59 AM
955
In Wild
2

CVE-2016-5166

The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct...

3.1 CVSS

5.1 AI Score

0.004 EPSS

2016-09-11 10:59 AM
54
4

CVE-2017-5081

Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.

3.3 CVSS

5.1 AI Score

0.0004 EPSS

2017-10-27 05:29 AM
56

CVE-2018-6053

Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.

3.3 CVSS

4.4 AI Score

0.001 EPSS

2018-09-25 02:29 PM
81

CVE-2019-13679

Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.

3.3 CVSS

4.9 AI Score

0.001 EPSS

2019-11-25 03:15 PM
254

CVE-2019-13762

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.

3.3 CVSS

4.8 AI Score

0.0004 EPSS

2019-12-10 10:15 PM
206

CVE-2021-37964

Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to potentially carry out a wifi impersonation attack via a crafted ONC file.

3.3 CVSS

5.2 AI Score

0.001 EPSS

2021-10-08 10:15 PM
119

CVE-2022-4923

Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low)

3.1 CVSS

5.2 AI Score

0.001 EPSS

2023-07-29 12:15 AM
42

CVE-2024-3515

Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

3.7 CVSS

6.5 AI Score

0.0004 EPSS

2024-04-10 07:15 PM
55

CVE-2024-6996

Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

3.1 CVSS

6.4 AI Score

0.0005 EPSS

2024-08-06 04:15 PM
52