Skip to main content

Chrome

3935 CVEs product

Monthly

CVE-2020-6447 HIGH POC This Week

Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Information Disclosure Chrome Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6446 MEDIUM This Month

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-6445 MEDIUM This Month

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-6444 MEDIUM POC This Month

Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux +2
NVD
CVSS 3.1
6.3
EPSS
1.4%
CVE-2020-6443 HIGH This Week

Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6442 MEDIUM POC This Month

Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.9%
CVE-2020-6441 MEDIUM This Month

Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2020-6440 MEDIUM This Month

Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-6439 HIGH This Week

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6438 MEDIUM POC This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-6437 MEDIUM POC This Month

Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2020-6436 HIGH This Week

Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-6435 MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6434 HIGH POC This Week

Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6433 MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6432 MEDIUM This Month

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2020-6431 MEDIUM This Month

Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Debian Linux Fedora +2
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2020-6430 HIGH POC This Week

Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +3
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-6423 HIGH This Week

Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6449 HIGH POC This Week

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-6429 HIGH POC This Week

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-6428 HIGH POC This Week

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-6427 HIGH POC This Week

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-6426 MEDIUM POC This Month

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +4
NVD
CVSS 3.1
6.5
EPSS
2.9%
CVE-2020-6425 MEDIUM PATCH This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome Debian Linux Fedora +1
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-6424 HIGH This Week

Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-6422 HIGH POC This Week

Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-6420 HIGH This Week

Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-10531 HIGH PATCH This Week

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow International Components For Unicode Enterprise Linux Desktop Enterprise Linux Server +8
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-6418 HIGH POC KEV THREAT Act Now

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +4
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
78.8%
CVE-2020-6407 HIGH This Week

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6386 HIGH POC This Week

Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6384 HIGH POC This Week

Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-6383 HIGH POC This Week

Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +4
NVD
CVSS 3.1
8.8
EPSS
6.4%
CVE-2020-6417 HIGH This Week

Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google RCE Chrome
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-6416 HIGH POC This Week

Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux +5
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-6415 HIGH POC This Week

Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora +6
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-6414 HIGH This Week

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Backports Sle
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-6413 HIGH This Week

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Backports Sle
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-6412 MEDIUM This Month

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-6411 MEDIUM This Month

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-6410 HIGH This Week

Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6409 HIGH This Week

Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6408 MEDIUM POC This Month

Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-6406 HIGH PATCH This Week

Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Use After Free Denial Of Service Memory Corruption Chrome +6
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6405 MEDIUM This Month

Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Chrome
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-6404 HIGH POC This Week

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +6
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-6403 MEDIUM POC This Month

Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Apple Chrome Backports Sle +6
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6402 HIGH This Week

Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-6401 MEDIUM This Month

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-6400 MEDIUM POC This Month

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-6399 MEDIUM This Month

Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-6398 HIGH PATCH This Week

Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google Information Disclosure Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6397 MEDIUM POC This Month

Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-6396 MEDIUM POC This Month

Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2020-6395 MEDIUM This Month

Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Chrome
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-6394 MEDIUM POC This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
5.4
EPSS
1.7%
CVE-2020-6393 MEDIUM PATCH This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-6392 MEDIUM POC This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2020-6391 MEDIUM POC This Month

Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-6390 HIGH POC This Week

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora +6
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-6389 HIGH This Week

Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-6388 HIGH This Week

Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Information Disclosure Chrome
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-6387 HIGH This Week

Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6385 HIGH POC This Week

Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-6382 HIGH POC This Week

Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +6
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-6381 HIGH POC This Week

Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Integer Overflow Chrome Backports Sle +6
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-6380 HIGH This Week

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-6379 HIGH This Week

Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-6378 HIGH POC This Week

Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-6377 HIGH POC This Week

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +6
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-13764 HIGH POC This Week

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Memory Corruption Chrome Debian Linux +6
NVD
CVSS 3.1
8.8
EPSS
6.4%
CVE-2019-13763 MEDIUM This Month

Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-13762 LOW Monitor

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Debian Linux +5
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2019-13761 MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-13759 MEDIUM POC This Month

Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2019-13758 MEDIUM This Month

Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-13757 MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-13756 MEDIUM This Month

Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2019-13755 MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-13754 MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2019-13753 MEDIUM This Month

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Debian Linux +6
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-13752 MEDIUM This Month

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Debian Linux +6
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-13751 MEDIUM This Month

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +5
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-13750 MEDIUM This Month

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Debian Linux Fedora +5
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-13749 MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Debian Linux +5
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-13748 MEDIUM PATCH This Month

Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-13747 HIGH This Week

Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Debian Linux +5
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-13746 MEDIUM This Month

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-13745 MEDIUM POC This Month

Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Debian Linux Package Hub +5
NVD
CVSS 3.1
6.5
EPSS
1.5%
EPSS 2% CVSS 8.8
HIGH POC This Week

Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Information Disclosure +5
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +4
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +4
NVD
EPSS 1% CVSS 6.3
MEDIUM POC This Month

Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome +4
NVD
EPSS 2% CVSS 4.3
MEDIUM POC This Month

Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +4
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 4.3
MEDIUM POC This Month

Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +6
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +4
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service +6
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +4
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +4
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +4
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure +5
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +6
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service +7
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Denial Of Service +7
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Denial Of Service +7
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Denial Of Service +7
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +6
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome +3
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +7
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Denial Of Service +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow International Components For Unicode +10
NVD GitHub
EPSS 79% CVSS 8.8
HIGH POC KEV THREAT Act Now

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure +6
NVD Exploit-DB
EPSS 2% CVSS 8.8
HIGH This Week

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service +7
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service +7
NVD
EPSS 6% CVSS 8.8
HIGH POC This Week

Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google RCE Chrome
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +7
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +8
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +7
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Use After Free Denial Of Service +8
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +8
NVD
EPSS 2% CVSS 4.3
MEDIUM POC This Month

Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Apple +8
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome +7
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +7
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google Information Disclosure Chrome +7
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +7
NVD
EPSS 2% CVSS 4.3
MEDIUM POC This Month

Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +7
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure +1
NVD
EPSS 2% CVSS 5.4
MEDIUM POC This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome +7
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Chrome +7
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome +7
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome +7
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +8
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Information Disclosure +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome +7
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure +8
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Integer Overflow +8
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service +8
NVD
EPSS 6% CVSS 8.8
HIGH POC This Week

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Memory Corruption +8
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure +7
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +6
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +8
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +8
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +7
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +7
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure +7
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google Chrome +6
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +7
NVD
Prev Page 29 of 44 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy