Search Results (Refine Search)
- Keyword (text search): Chrome
- Search Type: Search Last 3 Months
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-1676 |
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1675 |
Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1674 |
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1673 |
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1672 |
Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1671 |
Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1670 |
Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1669 |
Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Published: February 20, 2024; 11:15:08 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-45207 |
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitising the JavaScript code present in a PDF document.) Published: February 13, 2024; 11:15:08 AM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-47131 |
The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file. Published: February 08, 2024; 6:15:09 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-1284 |
Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: February 06, 2024; 7:15:56 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-1283 |
Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: February 06, 2024; 7:15:56 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-1077 |
Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) Published: January 30, 2024; 5:15:53 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-1060 |
Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: January 30, 2024; 5:15:53 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-1059 |
Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) Published: January 30, 2024; 5:15:52 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-0814 |
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Published: January 23, 2024; 7:15:08 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2024-0813 |
Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) Published: January 23, 2024; 7:15:08 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-0812 |
Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) Published: January 23, 2024; 7:15:08 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-0811 |
Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) Published: January 23, 2024; 7:15:08 PM -0500 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-0810 |
Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) Published: January 23, 2024; 7:15:08 PM -0500 |
V3.1: 4.3 MEDIUM V2.0:(not available) |