Search Results (Refine Search)
- CPE Product Version: cpe:/a:google:chrome:42.0.2311.107::~~~android~~
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-3890 |
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Published: November 08, 2022; 11:15:10 PM -0500 |
V3.1: 9.6 CRITICAL V2.0:(not available) |
CVE-2020-16873 |
<p>A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system.</p> <p>For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.</p> <p>The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.</p> Published: September 11, 2020; 1:15:17 PM -0400 |
V3.1: 4.7 MEDIUM V2.0: 6.8 MEDIUM |
CVE-2016-5197 |
The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page. Published: January 19, 2017; 12:59:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-5196 |
The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page. Published: January 19, 2017; 12:59:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2015-1261 |
android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text. Published: May 20, 2015; 6:59:13 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |