Chrome@* Security Vulnerabilities and Issues — Chrome@* CVE List

Lucene search

GoogleChrome*

433 matches found

CVE•added 2021/01/08 7:15 p.m.•1283 views

CVE-2020-16012

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3CVSS5.5AI score0.04946EPSS

CVE•added 2025/05/14 6:15 p.m.•773 views

CVE-2025-4664

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

4.3CVSS6AI score0.00014EPSS

In wildWeb

CVE•added 2025/01/15 11:15 a.m.•445 views

CVE-2025-0448

Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.0009EPSS

CVE•added 2025/01/15 11:15 a.m.•414 views

CVE-2025-0446

Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

4.3CVSS6.6AI score0.00083EPSS

CVE•added 2023/05/30 10:15 p.m.•372 views

CVE-2023-2941

Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)

4.3CVSS5AI score0.00083EPSS

CVE•added 2024/08/21 9:15 p.m.•360 views

CVE-2024-7976

Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.4AI score0.00116EPSS

CVE•added 2024/08/21 9:15 p.m.•358 views

CVE-2024-8035

Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00082EPSS

CVE•added 2024/08/21 9:15 p.m.•356 views

CVE-2024-8033

Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00098EPSS

CVE•added 2023/03/07 10:15 p.m.•354 views

CVE-2023-1234

Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.9AI score0.00382EPSS

CVE•added 2024/08/21 9:15 p.m.•354 views

CVE-2024-7978

Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6AI score0.00083EPSS

CVE•added 2024/08/21 9:15 p.m.•351 views

CVE-2024-7975

Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.4AI score0.00117EPSS

CVE•added 2023/10/11 11:15 p.m.•338 views

CVE-2023-5485

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS4.9AI score0.00036EPSS

CVE•added 2023/05/30 10:15 p.m.•315 views

CVE-2023-2937

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS4.7AI score0.00128EPSS

CVE•added 2024/04/17 8:15 a.m.•300 views

CVE-2024-3844

Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

4.3CVSS5.6AI score0.00563EPSS

CVE•added 2023/05/30 10:15 p.m.•296 views

CVE-2023-2938

4.3CVSS4.7AI score0.00128EPSS

CVE•added 2024/11/12 9:15 p.m.•295 views

CVE-2024-11117

Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.2AI score0.00061EPSS

CVE•added 2019/06/27 5:15 p.m.•294 views

CVE-2019-5833

Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.

4.3CVSS4.9AI score0.0078EPSS

CVE•added 2020/05/21 4:15 a.m.•293 views

CVE-2020-6489

Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page.

4.3CVSS4.8AI score0.01041EPSS

CVE•added 2019/06/27 5:15 p.m.•290 views

CVE-2019-5839

Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.

4.3CVSS5AI score0.01034EPSS

CVE•added 2024/11/12 9:15 p.m.•286 views

CVE-2024-11116

Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.2AI score0.00112EPSS

CVE•added 2020/04/13 6:15 p.m.•284 views

CVE-2020-6438

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.

4.3CVSS4.9AI score0.00691EPSS

CVE•added 2020/04/13 6:15 p.m.•284 views

CVE-2020-6441

Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.

4.3CVSS4.8AI score0.00527EPSS

CVE•added 2023/10/11 11:15 p.m.•284 views

CVE-2023-5477

Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low)

4.3CVSS5AI score0.00023EPSS

CVE•added 2024/04/17 8:15 a.m.•284 views

CVE-2024-3843

Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.6CVSS5.4AI score0.00566EPSS

CVE•added 2020/04/13 6:15 p.m.•283 views

CVE-2020-6437

Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.

4.3CVSS5AI score0.00924EPSS

CVE•added 2019/06/27 5:15 p.m.•282 views

CVE-2019-5838

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.

4.3CVSS5.1AI score0.00474EPSS

CVE•added 2020/04/13 6:15 p.m.•280 views

CVE-2020-6440

Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.

4.3CVSS4.9AI score0.00695EPSS

CVE•added 2024/11/12 9:15 p.m.•280 views

CVE-2024-11111

Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.2AI score0.00069EPSS

CVE•added 2020/04/13 6:15 p.m.•273 views

CVE-2020-6433

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.0081EPSS

CVE•added 2019/11/25 3:15 p.m.•271 views

CVE-2019-13679

Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.

4.3CVSS4.9AI score0.00172EPSS

CVE•added 2020/05/21 4:15 a.m.•270 views

CVE-2020-6488

Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS5AI score0.00716EPSS

CVE•added 2019/11/25 3:15 p.m.•269 views

CVE-2019-13674

IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

4.3CVSS5.2AI score0.00236EPSS

CVE•added 2019/11/25 3:15 p.m.•269 views

CVE-2019-13676

Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

4.3CVSS5.1AI score0.00228EPSS

CVE•added 2019/11/25 3:15 p.m.•267 views

CVE-2019-13671

UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.

4.3CVSS5AI score0.00236EPSS

CVE•added 2020/02/11 3:15 p.m.•267 views

CVE-2020-6392

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

4.3CVSS5.1AI score0.01736EPSS

CVE•added 2024/09/17 9:15 p.m.•266 views

CVE-2024-8906

Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

4.3CVSS6.2AI score0.00138EPSS

CVE•added 2019/11/25 3:15 p.m.•265 views

CVE-2019-13661

UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.

4.3CVSS5AI score0.00236EPSS

CVE•added 2019/11/25 3:15 p.m.•265 views

CVE-2019-13715

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

4.3CVSS5AI score0.00308EPSS

CVE•added 2019/11/25 3:15 p.m.•264 views

CVE-2019-13663

IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

4.3CVSS5.2AI score0.00236EPSS

CVE•added 2020/04/13 6:15 p.m.•264 views

CVE-2020-6431

Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.

4.3CVSS4.8AI score0.00798EPSS

CVE•added 2024/09/17 9:15 p.m.•263 views

CVE-2024-8909

Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS5.9AI score0.00103EPSS

CVE•added 2019/11/25 3:15 p.m.•259 views

CVE-2019-5864

Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.

4.3CVSS5.3AI score0.00069EPSS

CVE•added 2020/07/22 5:15 p.m.•257 views

CVE-2020-6527

Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.

4.3CVSS5AI score0.00623EPSS

CVE•added 2019/11/25 3:15 p.m.•253 views

CVE-2019-13701

Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.7AI score0.0031EPSS

CVE•added 2019/02/19 5:29 p.m.•253 views

CVE-2019-5779

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS5AI score0.00654EPSS

CVE•added 2024/08/21 9:15 p.m.•253 views

CVE-2024-7981

Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00133EPSS

CVE•added 2024/08/21 9:15 p.m.•253 views

CVE-2024-8034

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

4.3CVSS6.4AI score0.00137EPSS

CVE•added 2019/11/25 3:15 p.m.•252 views

CVE-2019-13703

Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.6AI score0.0031EPSS

CVE•added 2019/12/10 10:15 p.m.•251 views

CVE-2019-13754

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.00282EPSS

CVE•added 2020/02/11 3:15 p.m.•251 views

CVE-2020-6396

Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

4.3CVSS4.7AI score0.01371EPSS

Total number of security vulnerabilities433