CVE-2023-7013
https://notcve.org/view.php?id=CVE-2023-7013
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html https://issues.chromium.org/issues/40071326 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2023-7011
https://notcve.org/view.php?id=CVE-2023-7011
Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html https://issues.chromium.org/issues/40066780 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVE-2024-6779
https://notcve.org/view.php?id=CVE-2024-6779
Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/351327767 •
CVE-2024-6778
https://notcve.org/view.php?id=CVE-2024-6778
Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High) • https://github.com/ading2210/CVE-2024-6778-POC https://github.com/r00tjunip3r1/POC-CVE-2024-6778 https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/341136300 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-366: Race Condition within a Thread •
CVE-2024-6777
https://notcve.org/view.php?id=CVE-2024-6777
Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/345640549 • CWE-416: Use After Free •