Page 25 of 3953 results (0.009 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html https://issues.chromium.org/issues/40071326 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html https://issues.chromium.org/issues/40066780 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/351327767 •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High) • https://github.com/ading2210/CVE-2024-6778-POC https://github.com/r00tjunip3r1/POC-CVE-2024-6778 https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/341136300 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-366: Race Condition within a Thread •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/345640549 • CWE-416: Use After Free •