Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-6636

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Dec, 2013 | 00:00
Updated At-06 Aug, 2024 | 17:46
Rejected At-
Credits

The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Dec, 2013 | 00:00
Updated At:06 Aug, 2024 | 17:46
Rejected At:
▼CVE Numbering Authority (CNA)

The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/56217
third-party-advisory
x_refsource_SECUNIA
https://code.google.com/p/chromium/issues/detail?id=322959
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
vendor-advisory
x_refsource_SUSE
http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html
vendor-advisory
x_refsource_SUSE
http://www.debian.org/security/2013/dsa-2811
vendor-advisory
x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html
vendor-advisory
x_refsource_SUSE
https://src.chromium.org/viewvc/blink?revision=162673&view=revision
x_refsource_CONFIRM
http://www.securitytracker.com/id/1029442
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/56217
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://code.google.com/p/chromium/issues/detail?id=322959
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.debian.org/security/2013/dsa-2811
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://src.chromium.org/viewvc/blink?revision=162673&view=revision
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1029442
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/56217
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://code.google.com/p/chromium/issues/detail?id=322959
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.debian.org/security/2013/dsa-2811
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://src.chromium.org/viewvc/blink?revision=162673&view=revision
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1029442
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/56217
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://code.google.com/p/chromium/issues/detail?id=322959
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.debian.org/security/2013/dsa-2811
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://src.chromium.org/viewvc/blink?revision=162673&view=revision
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1029442
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Dec, 2013 | 00:55
Updated At:11 Apr, 2025 | 00:51

The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Google LLC
google
>>chrome>>Versions up to 31.0.1650.62(inclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.0
cpe:2.3:a:google:chrome:31.0.1650.0:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.2
cpe:2.3:a:google:chrome:31.0.1650.2:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.3
cpe:2.3:a:google:chrome:31.0.1650.3:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.4
cpe:2.3:a:google:chrome:31.0.1650.4:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.5
cpe:2.3:a:google:chrome:31.0.1650.5:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.6
cpe:2.3:a:google:chrome:31.0.1650.6:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.7
cpe:2.3:a:google:chrome:31.0.1650.7:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.8
cpe:2.3:a:google:chrome:31.0.1650.8:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.9
cpe:2.3:a:google:chrome:31.0.1650.9:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.10
cpe:2.3:a:google:chrome:31.0.1650.10:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.11
cpe:2.3:a:google:chrome:31.0.1650.11:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.12
cpe:2.3:a:google:chrome:31.0.1650.12:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.13
cpe:2.3:a:google:chrome:31.0.1650.13:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.14
cpe:2.3:a:google:chrome:31.0.1650.14:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.15
cpe:2.3:a:google:chrome:31.0.1650.15:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.16
cpe:2.3:a:google:chrome:31.0.1650.16:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.17
cpe:2.3:a:google:chrome:31.0.1650.17:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.18
cpe:2.3:a:google:chrome:31.0.1650.18:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.19
cpe:2.3:a:google:chrome:31.0.1650.19:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.20
cpe:2.3:a:google:chrome:31.0.1650.20:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.22
cpe:2.3:a:google:chrome:31.0.1650.22:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.23
cpe:2.3:a:google:chrome:31.0.1650.23:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.25
cpe:2.3:a:google:chrome:31.0.1650.25:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.26
cpe:2.3:a:google:chrome:31.0.1650.26:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.27
cpe:2.3:a:google:chrome:31.0.1650.27:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.28
cpe:2.3:a:google:chrome:31.0.1650.28:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.29
cpe:2.3:a:google:chrome:31.0.1650.29:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.30
cpe:2.3:a:google:chrome:31.0.1650.30:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.31
cpe:2.3:a:google:chrome:31.0.1650.31:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.32
cpe:2.3:a:google:chrome:31.0.1650.32:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.33
cpe:2.3:a:google:chrome:31.0.1650.33:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.34
cpe:2.3:a:google:chrome:31.0.1650.34:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.35
cpe:2.3:a:google:chrome:31.0.1650.35:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.36
cpe:2.3:a:google:chrome:31.0.1650.36:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.37
cpe:2.3:a:google:chrome:31.0.1650.37:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.38
cpe:2.3:a:google:chrome:31.0.1650.38:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.39
cpe:2.3:a:google:chrome:31.0.1650.39:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.41
cpe:2.3:a:google:chrome:31.0.1650.41:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.42
cpe:2.3:a:google:chrome:31.0.1650.42:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.43
cpe:2.3:a:google:chrome:31.0.1650.43:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.44
cpe:2.3:a:google:chrome:31.0.1650.44:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.45
cpe:2.3:a:google:chrome:31.0.1650.45:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.46
cpe:2.3:a:google:chrome:31.0.1650.46:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.47
cpe:2.3:a:google:chrome:31.0.1650.47:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.48
cpe:2.3:a:google:chrome:31.0.1650.48:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.49
cpe:2.3:a:google:chrome:31.0.1650.49:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.50
cpe:2.3:a:google:chrome:31.0.1650.50:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.51
cpe:2.3:a:google:chrome:31.0.1650.51:*:*:*:*:*:*:*
Google LLC
google
>>chrome>>31.0.1650.52
cpe:2.3:a:google:chrome:31.0.1650.52:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.htmlcve@mitre.org
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.htmlcve@mitre.org
N/A
http://secunia.com/advisories/56217cve@mitre.org
N/A
http://www.debian.org/security/2013/dsa-2811cve@mitre.org
N/A
http://www.securitytracker.com/id/1029442cve@mitre.org
N/A
https://code.google.com/p/chromium/issues/detail?id=322959cve@mitre.org
N/A
https://src.chromium.org/viewvc/blink?revision=162673&view=revisioncve@mitre.org
Patch
http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/56217af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2013/dsa-2811af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1029442af854a3a-2127-422b-91ae-364da2661108
N/A
https://code.google.com/p/chromium/issues/detail?id=322959af854a3a-2127-422b-91ae-364da2661108
N/A
https://src.chromium.org/viewvc/blink?revision=162673&view=revisionaf854a3a-2127-422b-91ae-364da2661108
Patch
Hyperlink: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/56217
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2013/dsa-2811
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1029442
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://code.google.com/p/chromium/issues/detail?id=322959
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://src.chromium.org/viewvc/blink?revision=162673&view=revision
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-12/msg00090.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-12/msg00096.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/56217
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2013/dsa-2811
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1029442
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://code.google.com/p/chromium/issues/detail?id=322959
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://src.chromium.org/viewvc/blink?revision=162673&view=revision
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch

Change History

0
Information is not available yet

Similar CVEs

1643Records found
CVE-2017-5079
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.71% / 71.27%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5083
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.71% / 71.27%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5065
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.7||MEDIUM
EPSS-0.71% / 71.27%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page.

Action-Not Available
Vendor-n/aRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationenterprise_linux_servermacoswindowsGoogle Chrome prior to 58.0.3029.81 for Windows and Mac
CWE ID-CWE-20
Improper Input Validation
CVE-2020-6401
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.78% / 72.70%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 14:42
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackports_sleChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5067
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.71% / 71.27%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelenterprise_linux_servermacoswindowsGoogle Chrome prior to 58.0.3029.81 for Linux, Windows and Mac
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5862
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.48%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5864
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5793
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 54.19%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 19:14
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackportsleapChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5800
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 54.73%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 19:18
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackportsleapChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5801
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.95%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 19:19
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Action-Not Available
Vendor-openSUSEApple Inc.Google LLC
Product-chromeiphone_osbackportsleapChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5799
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.74%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 19:18
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackportsleapChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5839
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.03% / 76.44%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5803
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 54.73%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 19:20
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackportsleapChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2011-3907
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 47.36%
||
7 Day CHG~0.00%
Published-13 Dec, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The view-source feature in Google Chrome before 16.0.912.63 allows remote attackers to spoof the URL bar via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-3875
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.46%
||
7 Day CHG~0.00%
Published-25 Oct, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 15.0.874.102 does not properly handle drag and drop operations on URL strings, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2848
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.85%
||
7 Day CHG~0.00%
Published-17 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 14.0.835.163 allows user-assisted remote attackers to spoof the URL bar via vectors related to the forward button.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-3063
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 63.89%
||
7 Day CHG~0.00%
Published-30 Mar, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15390
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.79% / 72.99%
||
7 Day CHG~0.00%
Published-07 Feb, 2018 | 23:00
Updated-05 Aug, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxGoogle Chrome prior to 62.0.3202.62
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15386
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.79% / 72.99%
||
7 Day CHG~0.00%
Published-07 Feb, 2018 | 23:00
Updated-05 Aug, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxGoogle Chrome prior to 62.0.3202.62
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15389
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 70.54%
||
7 Day CHG~0.00%
Published-07 Feb, 2018 | 23:00
Updated-05 Aug, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxGoogle Chrome prior to 62.0.3202.62
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15426
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 70.14%
||
7 Day CHG~0.00%
Published-28 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

Action-Not Available
Vendor-n/aRed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopGoogle Chrome prior to 63.0.3239.84 unknown
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2357
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-7.94% / 91.69%
||
7 Day CHG~0.00%
Published-12 Aug, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-37996
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.94%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 21:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15424
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 70.14%
||
7 Day CHG~0.00%
Published-28 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

Action-Not Available
Vendor-n/aRed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopGoogle Chrome prior to 63.0.3239.84 unknown
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15420
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.91% / 74.84%
||
7 Day CHG~0.00%
Published-28 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2845
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.26%
||
7 Day CHG~0.00%
Published-25 Oct, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-iphone_ossafarichromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-5222
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 57.10%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 05:43
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromeGoogle Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android
CWE ID-CWE-20
Improper Input Validation
CVE-2016-5298
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.67% / 70.42%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 00:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50.

Action-Not Available
Vendor-Mozilla CorporationGoogle LLC
Product-firefoxandroidFirefox
CWE ID-CWE-20
Improper Input Validation
CVE-2016-5267
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.40%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.

Action-Not Available
Vendor-n/aGoogle LLCMozilla Corporation
Product-firefoxandroidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-5187
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 58.90%
||
7 Day CHG~0.00%
Published-18 Dec, 2016 | 03:34
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromeChrome prior to 54.0.2840.85 for Android
CWE ID-CWE-20
Improper Input Validation
CVE-2016-5188
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.02%
||
7 Day CHG~0.00%
Published-18 Dec, 2016 | 03:34
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromeChrome prior to 54.0.2840.59 for Windows, Mac, and Linux
CWE ID-CWE-20
Improper Input Validation
CVE-2019-13675
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 46.35%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2016-10337
Matching Score-10
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-10
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 25.51%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6790
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.94% / 75.28%
||
7 Day CHG~0.00%
Published-14 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-6783
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.48%
||
7 Day CHG~0.00%
Published-06 Dec, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP archive.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidchromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-3830
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.66%
||
7 Day CHG~0.00%
Published-06 Jun, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-17460
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.29%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2020-6567
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 66.25%
||
7 Day CHG~0.00%
Published-21 Sep, 2020 | 19:06
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEDebian GNU/LinuxFedora ProjectMicrosoft Corporation
Product-debian_linuxchromefedorawindowsbackports_sleleapChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15425
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 70.14%
||
7 Day CHG~0.00%
Published-28 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

Action-Not Available
Vendor-n/aRed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopGoogle Chrome prior to 63.0.3239.84 unknown
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15394
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.31% / 78.94%
||
7 Day CHG~0.00%
Published-07 Feb, 2018 | 23:00
Updated-05 Aug, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.

Action-Not Available
Vendor-n/aGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxGoogle Chrome prior to 62.0.3202.62
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1616
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.18% / 77.88%
||
7 Day CHG~0.00%
Published-25 Jan, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CVE-2016-5160
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 70.67%
||
7 Day CHG~0.00%
Published-11 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSE
Product-leapchromen/a
CVE-2016-1694
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.3||MEDIUM
EPSS-0.71% / 71.40%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverleapopensuseenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-5148
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.1||MEDIUM
EPSS-0.67% / 70.39%
||
7 Day CHG~0.00%
Published-11 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1664
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.06% / 76.69%
||
7 Day CHG+0.11%
Published-14 May, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site.

Action-Not Available
Vendor-n/aRed Hat, Inc.Google LLCopenSUSE
Product-enterprise_linux_workstation_supplementaryopensuseenterprise_linux_server_supplementarychromeenterprise_linux_server_supplementary_eusenterprise_linux_desktop_supplementaryn/a
CVE-2016-5176
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.50%
||
7 Day CHG~0.00%
Published-29 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-5207
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.16%
||
7 Day CHG~0.00%
Published-19 Jan, 2017 | 05:43
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromeGoogle Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-2782
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.66%
||
7 Day CHG~0.00%
Published-03 Aug, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncGoogle LLC
Product-linux_kernelchromen/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2011-3054
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.66% / 70.06%
||
7 Day CHG~0.00%
Published-22 Mar, 2012 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-opensusechromen/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2010-2301
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 64.93%
||
7 Day CHG~0.00%
Published-15 Jun, 2010 | 17:48
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.

Action-Not Available
Vendor-n/aopenSUSESUSEGoogle LLC
Product-opensusesuse_linux_enterprise_serverchromesuse_linux_enterprise_desktopn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 32
  • 33
  • Next
Details not found