Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-4183

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-29 Nov, 2022 | 00:00
Updated At-03 Aug, 2024 | 01:34
Rejected At-
Credits

Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:29 Nov, 2022 | 00:00
Updated At:03 Aug, 2024 | 01:34
Rejected At:
▼CVE Numbering Authority (CNA)

Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Affected Products
Vendor
Google LLCGoogle
Product
Chrome
Versions
Affected
  • From unspecified before 108.0.5359.71 (custom)
Problem Types
TypeCWE IDDescription
textN/AInsufficient policy enforcement
Type: text
CWE ID: N/A
Description: Insufficient policy enforcement
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
N/A
https://crbug.com/1251790
N/A
https://security.gentoo.org/glsa/202305-10
vendor-advisory
https://security.gentoo.org/glsa/202311-11
vendor-advisory
Hyperlink: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
Resource: N/A
Hyperlink: https://crbug.com/1251790
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202305-10
Resource:
vendor-advisory
Hyperlink: https://security.gentoo.org/glsa/202311-11
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
x_transferred
https://crbug.com/1251790
x_transferred
https://security.gentoo.org/glsa/202305-10
vendor-advisory
x_transferred
https://security.gentoo.org/glsa/202311-11
vendor-advisory
x_transferred
Hyperlink: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
Resource:
x_transferred
Hyperlink: https://crbug.com/1251790
Resource:
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202305-10
Resource:
vendor-advisory
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202311-11
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:30 Nov, 2022 | 00:15
Updated At:25 Nov, 2023 | 11:15

Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
Google LLC
google
>>chrome>>Versions before 108.0.5359.71(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.htmlchrome-cve-admin@google.com
Release Notes
Vendor Advisory
https://crbug.com/1251790chrome-cve-admin@google.com
Issue Tracking
Permissions Required
https://security.gentoo.org/glsa/202305-10chrome-cve-admin@google.com
N/A
https://security.gentoo.org/glsa/202311-11chrome-cve-admin@google.com
N/A
Hyperlink: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
Source: chrome-cve-admin@google.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://crbug.com/1251790
Source: chrome-cve-admin@google.com
Resource:
Issue Tracking
Permissions Required
Hyperlink: https://security.gentoo.org/glsa/202305-10
Source: chrome-cve-admin@google.com
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202311-11
Source: chrome-cve-admin@google.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

229Records found
CVE-2023-3740
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.37%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 22:39
Updated-13 Feb, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CVE-2023-3737
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 41.33%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 22:39
Updated-13 Feb, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CVE-2023-3733
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.05%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 22:39
Updated-13 Feb, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CVE-2023-3734
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 41.33%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 22:39
Updated-13 Feb, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CVE-2026-3927
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.95%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 22:04
Updated-13 Mar, 2026 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-3935
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.20%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 22:04
Updated-16 Mar, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-3941
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.97%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 22:04
Updated-13 Mar, 2026 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CVE-2026-3940
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.91%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 22:04
Updated-16 Mar, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-284
Improper Access Control
CVE-2026-3942
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.95%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 22:04
Updated-13 Mar, 2026 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-3925
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.50%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 22:04
Updated-13 Mar, 2026 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in LookalikeChecks in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-3928
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 22:04
Updated-17 Mar, 2026 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2023-1236
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.61%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 21:42
Updated-09 Oct, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CVE-2020-6528
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.74% / 82.63%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 16:16
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEApple Inc.Fedora ProjectDebian GNU/Linux
Product-iphone_osdebian_linuxchromefedorabackports_sleleapChrome
CVE-2020-6488
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 69.83%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 03:46
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-6433
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.74% / 72.95%
||
7 Day CHG~0.00%
Published-13 Apr, 2020 | 17:30
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CVE-2020-6504
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.73%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 22:50
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2026-2323
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 1.46%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 18:08
Updated-13 Feb, 2026 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Linux Kernel Organization, IncApple Inc.Microsoft CorporationGoogle LLC
Product-chromelinux_kernelmacoswindowsChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2025-8582
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.24%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 01:30
Updated-13 Nov, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Linux Kernel Organization, IncApple Inc.Google LLCMicrosoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2025-8580
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 22.81%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 01:30
Updated-08 Aug, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Linux Kernel Organization, IncGoogle LLC
Product-chromelinux_kernelmacoswindowsChrome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-8577
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 22.81%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 01:30
Updated-08 Aug, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Linux Kernel Organization, IncGoogle LLC
Product-chromelinux_kernelmacoswindowsChrome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2938
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.15%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 21:31
Updated-18 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2023-2937
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 36.15%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 21:31
Updated-11 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2023-2941
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 21:31
Updated-11 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2019-5864
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.04%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5840
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.60% / 69.73%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEApple Inc.Fedora ProjectDebian GNU/Linux
Product-iphone_osdebian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-5839
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.01% / 77.29%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5833
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.77% / 73.55%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromeandroidfedorabackportsleapChrome
CVE-2019-5838
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.46% / 64.49%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-5873
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 46.39%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy validation in navigation in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Action-Not Available
Vendor-Apple Inc.Google LLC
Product-chromeiphone_osChrome
CVE-2023-2463
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.75%
||
7 Day CHG~0.00%
Published-02 May, 2023 | 23:47
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromeandroidfedoradebian_linuxChrome
CVE-2023-2464
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.72%
||
7 Day CHG~0.00%
Published-02 May, 2023 | 23:47
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromedebian_linuxfedoraChrome
CVE-2023-2466
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.75%
||
7 Day CHG~0.00%
Published-02 May, 2023 | 23:47
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromedebian_linuxfedoraChrome
CVE-2023-2468
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.75%
||
7 Day CHG~0.00%
Published-02 May, 2023 | 23:47
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromedebian_linuxfedoraChrome
CVE-2023-2467
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.19%
||
7 Day CHG~0.00%
Published-02 May, 2023 | 23:47
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromeandroidfedoradebian_linuxChrome
CVE-2024-3844
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.11% / 78.31%
||
7 Day CHG+0.29%
Published-17 Apr, 2024 | 07:46
Updated-13 Feb, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2024-3838
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.06%
||
7 Day CHG-0.04%
Published-17 Apr, 2024 | 07:46
Updated-13 Feb, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2024-3846
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.4||MEDIUM
EPSS-1.21% / 79.15%
||
7 Day CHG+0.31%
Published-17 Apr, 2024 | 07:46
Updated-13 Feb, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CVE-2024-3845
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 57.48%
||
7 Day CHG+0.09%
Published-17 Apr, 2024 | 07:46
Updated-13 Feb, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-1068
Inconsistency Between Implementation and Documented Design
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2025-6428
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 38.75%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 12:28
Updated-13 Apr, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Firefox for Android opened URLs specified in a link querystring parameter

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140.

Action-Not Available
Vendor-Google LLCMozilla Corporation
Product-firefoxandroidFirefox
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-3843
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.6||MEDIUM
EPSS-0.72% / 72.60%
||
7 Day CHG+0.19%
Published-17 Apr, 2024 | 07:46
Updated-13 Feb, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechrome
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2019-13755
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.85% / 83.16%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CVE-2019-13758
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.00% / 77.17%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeandroidenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CVE-2019-13681
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.76%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-13691
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 46.39%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CVE-2019-13756
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.85% / 83.16%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CVE-2022-1495
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.51%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:34
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2019-13719
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.49% / 65.82%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackports_sleChrome
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2019-13761
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-2.34% / 84.99%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 21:01
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverenterprise_linux_for_scientific_computingdebian_linuxchromeenterprise_linux_workstationfedoraenterprise_linux_desktopChrome
CVE-2019-13717
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.83%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackports_sleChrome
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2019-13674
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 46.39%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found