Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-38004

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-23 Nov, 2021 | 21:30
Updated At-04 Aug, 2024 | 01:30
Rejected At-
Credits

Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:23 Nov, 2021 | 21:30
Updated At:04 Aug, 2024 | 01:30
Rejected At:
▼CVE Numbering Authority (CNA)

Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Affected Products
Vendor
Google LLCGoogle
Product
Chrome
Versions
Affected
  • From unspecified before 95.0.4638.69 (custom)
Problem Types
TypeCWE IDDescription
textN/AInsufficient policy enforcement
Type: text
CWE ID: N/A
Description: Insufficient policy enforcement
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
x_refsource_MISC
https://crbug.com/1227170
x_refsource_MISC
https://www.debian.org/security/2022/dsa-5046
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
Resource:
x_refsource_MISC
Hyperlink: https://crbug.com/1227170
Resource:
x_refsource_MISC
Hyperlink: https://www.debian.org/security/2022/dsa-5046
Resource:
vendor-advisory
x_refsource_DEBIAN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
x_refsource_MISC
x_transferred
https://crbug.com/1227170
x_refsource_MISC
x_transferred
https://www.debian.org/security/2022/dsa-5046
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://crbug.com/1227170
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.debian.org/security/2022/dsa-5046
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:23 Nov, 2021 | 22:15
Updated At:18 Feb, 2022 | 16:41

Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
Google LLC
google
>>chrome>>Versions before 95.0.4638.69(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-668Primarynvd@nist.gov
CWE ID: CWE-668
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.htmlchrome-cve-admin@google.com
Release Notes
Vendor Advisory
https://crbug.com/1227170chrome-cve-admin@google.com
Permissions Required
Vendor Advisory
https://www.debian.org/security/2022/dsa-5046chrome-cve-admin@google.com
Third Party Advisory
Hyperlink: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
Source: chrome-cve-admin@google.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://crbug.com/1227170
Source: chrome-cve-admin@google.com
Resource:
Permissions Required
Vendor Advisory
Hyperlink: https://www.debian.org/security/2022/dsa-5046
Source: chrome-cve-admin@google.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

901Records found
CVE-2022-27576
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.06% / 18.35%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-1637
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.27%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:56
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-1488
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 47.94%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:32
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-1498
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 56.23%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:35
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-1875
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 56.61%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 21:20
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2012-5639
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 63.57%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 13:55
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreOffice and OpenOffice automatically open embedded content

Action-Not Available
Vendor-libreofficeLibreOffice; OpenOfficeDebian GNU/LinuxThe Apache Software Foundation
Product-openofficedebian_linuxlibreofficeLibreOffice, OpenOffice
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-6490
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.04% / 77.53%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 03:46
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-6442
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.09% / 78.09%
||
7 Day CHG~0.00%
Published-13 Apr, 2020 | 17:30
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2026-7340
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 0.84%
||
7 Day CHG-0.00%
Published-28 Apr, 2026 | 22:36
Updated-30 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-472
External Control of Assumed-Immutable Web Parameter
CVE-2026-7933
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-Not Assigned
Published-06 May, 2026 | 18:12
Updated-06 May, 2026 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-5864
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.17%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 21:20
Updated-14 Apr, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-5867
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.17%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 21:20
Updated-14 Apr, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-5918
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.54%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 21:21
Updated-14 Apr, 2026 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-346
Origin Validation Error
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-5889
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 0.46%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 21:20
Updated-14 Apr, 2026 | 11:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2026-4453
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 9.07%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 01:34
Updated-20 Mar, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLCApple Inc.
Product-chromemacosChrome
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-472
External Control of Assumed-Immutable Web Parameter
CVE-2018-8037
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-8.45% / 92.37%
||
7 Day CHG~0.00%
Published-02 Aug, 2018 | 14:00
Updated-16 Sep, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-debian_linuxtomcatApache Tomcat
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-6298
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 1.14%
||
7 Day CHG~0.00%
Published-15 Apr, 2026 | 19:04
Updated-17 Apr, 2026 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-5869
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.17%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 21:20
Updated-14 Apr, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-14373
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.43%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 19:20
Updated-19 Dec, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowschromemacosChrome
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2018-6117
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.94% / 76.28%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 19:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6125
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.83%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 22:35
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CVE-2018-6032
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.76% / 73.35%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2026-7969
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-Not Assigned
Published-06 May, 2026 | 18:12
Updated-07 May, 2026 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-472
External Control of Assumed-Immutable Web Parameter
CVE-2018-6069
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 68.66%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxchromelinux_workstationlinux_serverlinux_desktopChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-6077
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.73% / 72.73%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6112
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.19% / 78.89%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 19:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-706
Use of Incorrectly-Resolved Name or Reference
CVE-2018-6134
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.69%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-7972
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-Not Assigned
Published-06 May, 2026 | 18:12
Updated-07 May, 2026 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-chromewindowslinux_kernelmacosChrome
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2018-6066
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-14.41% / 94.45%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxchromelinux_workstationlinux_serverlinux_desktopChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6053
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-3.3||LOW
EPSS-0.17% / 37.83%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6142
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.10%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-6082
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.7||MEDIUM
EPSS-0.66% / 71.17%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.

Action-Not Available
Vendor-n/aRed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2874
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 16.91%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures.

Action-Not Available
Vendor-n/aMicrosoft CorporationGoogle LLC
Product-chromewindowsn/a
CVE-2018-6159
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.25%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6089
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.94% / 76.28%
||
7 Day CHG~0.00%
Published-04 Dec, 2018 | 17:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxchromelinux_workstationlinux_serverlinux_desktopChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2018-6132
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.70%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-8021
Matching Score-8
Assigner-SUSE
ShareView Details
Matching Score-8
Assigner-SUSE
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 39.98%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 14:25
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
unauthorized read access to files where sourceaccess is disabled via a crafted _service file in Open Build Service

a Improper Access Control vulnerability in of Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled This issue affects: Open Build Service versions prior to 2.10.5.

Action-Not Available
Vendor-Debian GNU/LinuxopenSUSE
Product-debian_linuxopen_build_serviceOpen Build Service
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-6051
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.57% / 68.69%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-6179
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.53% / 67.30%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 19:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6168
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.52%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6047
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.84% / 74.76%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2018-6099
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.94% / 76.28%
||
7 Day CHG~0.00%
Published-04 Dec, 2018 | 17:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxchromelinux_workstationlinux_serverlinux_desktopChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6045
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.89% / 75.59%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.

Action-Not Available
Vendor-n/aRed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6150
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.25%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-5826
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 28.20%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 17:00
Updated-17 Sep, 2024 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After Free condition can occur in the WLAN driver.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-6048
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.77% / 73.66%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2018-6137
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.64% / 70.59%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 19:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6080
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.75% / 73.19%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-6036
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.89% / 75.59%
||
7 Day CHG~0.00%
Published-25 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2018-6075
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.73% / 72.73%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxchromelinux_workstationlinux_serverlinux_desktopChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 18
  • 19
  • Next
Details not found