Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-0442

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-15 Jan, 2025 | 10:58
Updated At-14 Mar, 2025 | 17:07
Rejected At-
Credits

Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:15 Jan, 2025 | 10:58
Updated At:14 Mar, 2025 | 17:07
Rejected At:
▼CVE Numbering Authority (CNA)

Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Affected Products
Vendor
Google LLCGoogle
Product
Chrome
Versions
Affected
  • From 132.0.6834.83 before 132.0.6834.83 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AInappropriate implementation
Type: N/A
CWE ID: N/A
Description: Inappropriate implementation
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html
N/A
https://issues.chromium.org/issues/40940854
N/A
Hyperlink: https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html
Resource: N/A
Hyperlink: https://issues.chromium.org/issues/40940854
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-290CWE-290 Authentication Bypass by Spoofing
Type: CWE
CWE ID: CWE-290
Description: CWE-290 Authentication Bypass by Spoofing
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:15 Jan, 2025 | 11:15
Updated At:21 Apr, 2025 | 20:53

Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CPE Matches
Google LLC
google
>>chrome>>Versions before 132.0.6834.83(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-290Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-290
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.htmlchrome-cve-admin@google.com
Release Notes
https://issues.chromium.org/issues/40940854chrome-cve-admin@google.com
Exploit
Issue Tracking
Hyperlink: https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html
Source: chrome-cve-admin@google.com
Resource:
Release Notes
Hyperlink: https://issues.chromium.org/issues/40940854
Source: chrome-cve-admin@google.com
Resource:
Exploit
Issue Tracking

Change History

0
Information is not available yet

Similar CVEs

219Records found
CVE-2021-21216
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:26
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2019-13709
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.64%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackports_sleChrome
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2021-21134
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-15.32% / 94.36%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 13:56
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.

Action-Not Available
Vendor-Apple Inc.Google LLCMicrosoft Corporation
Product-chromeiphone_osedge_chromiumChrome
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-0440
Matching Score-10
Assigner-Google LLC
ShareView Details
Matching Score-10
Assigner-Google LLC
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.07%
||
7 Day CHG-0.04%
Published-15 Jan, 2025 | 10:58
Updated-21 Apr, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-windowschromeChrome
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2022-1129
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 54.83%
||
7 Day CHG~0.00%
Published-22 Jul, 2022 | 23:36
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2021-21215
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.70% / 71.09%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:26
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2024-5840
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.57%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 20:58
Updated-13 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechromefedora
CWE ID-CWE-284
Improper Access Control
CVE-2019-5800
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 54.74%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 19:18
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackportsleapChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5794
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.95%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 19:14
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackports_sleleapChrome
CVE-2024-5500
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.83%
||
7 Day CHG+0.11%
Published-16 Jul, 2024 | 22:14
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2019-5802
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.95%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 19:19
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackports_sleleapChrome
CVE-2019-5803
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 54.74%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 19:20
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackportsleapChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5086
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.71% / 71.28%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

Action-Not Available
Vendor-n/aRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationenterprise_linux_servermacoswindowsGoogle Chrome prior to 59.0.3071.86 for Windows and Mac
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5106
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.16% / 77.68%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5101
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.16% / 77.68%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kerneldebian_linuxenterprise_linux_servermacoswindowsGoogle Chrome prior to 60.0.3112.78 for Linux, Windows and Mac
CVE-2017-5060
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.69% / 70.79%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 58.0.3029.81 for Mac, Windows and Linux, and 58.0.3029.83 for Android
CWE ID-CWE-863
Incorrect Authorization
CVE-2017-5110
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.07% / 76.79%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5104
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.16% / 77.68%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.Apple Inc.Google LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationdebian_linuxenterprise_linux_servermacosGoogle Chrome prior to 60.0.3112.78 for Mac
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5120
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.87% / 74.26%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopandroidenterprise_linux_workstationlinux_kerneldebian_linuxenterprise_linux_servermacoswindowsGoogle Chrome prior to 61.0.3163.79 for Mac, Windows and Linux, and 61.0.3163.81 for Android
CVE-2017-5093
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.16% / 77.68%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5105
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.16% / 77.68%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5094
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.98% / 75.87%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsdebian_linuxenterprise_linux_servermacosandroidGoogle Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2017-5089
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.71% / 71.28%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.

Action-Not Available
Vendor-n/aRed Hat, Inc.Apple Inc.Google LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationenterprise_linux_servermacosGoogle Chrome prior to 59.0.3071.104 for Mac
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5076
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.71% / 71.28%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5862
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.49%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5812
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.15%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectApple Inc.Google LLC
Product-chromeiphone_osfedoraChrome
CVE-2019-5799
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.74%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 19:18
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackportsleapChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5793
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 54.20%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 19:14
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.

Action-Not Available
Vendor-openSUSEGoogle LLC
Product-chromebackportsleapChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2019-5801
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.95%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 19:19
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Action-Not Available
Vendor-openSUSEApple Inc.Google LLC
Product-chromeiphone_osbackportsleapChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2020-15985
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.82% / 73.41%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-chromebackports_sledebian_linuxfedoraChrome
CVE-2019-5865
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.63%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:22
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-862
Missing Authorization
CVE-2021-37989
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.68% / 70.62%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 21:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CVE-2021-38018
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 73.13%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CVE-2021-37995
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 57.05%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 21:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CVE-2021-38010
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 57.23%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CVE-2021-37994
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 56.16%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 21:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Action-Not Available
Vendor-Google LLCDebian GNU/Linux
Product-chromedebian_linuxChrome
CVE-2023-1814
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.37%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 21:39
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromedebian_linuxfedoraChrome
CVE-2022-4955
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 5.44%
||
7 Day CHG~0.00%
Published-04 Aug, 2023 | 19:13
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CVE-2021-29983
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 52.13%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 19:12
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91.

Action-Not Available
Vendor-Mozilla CorporationGoogle LLC
Product-firefoxandroidFirefox
CVE-2021-30533
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-6.45% / 90.68%
||
7 Day CHG~0.00%
Published-07 Jun, 2021 | 19:25
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-18||Apply updates per vendor instructions.

Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.

Action-Not Available
Vendor-Google LLCFedora Project
Product-fedorachromeChromeChromium PopupBlocker
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-30534
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.99%
||
7 Day CHG~0.00%
Published-07 Jun, 2021 | 19:25
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-30531
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.33%
||
7 Day CHG~0.00%
Published-07 Jun, 2021 | 19:25
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CVE-2021-30540
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.42% / 61.02%
||
7 Day CHG~0.00%
Published-07 Jun, 2021 | 19:25
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2019-5834
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.34%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CWE ID-CWE-346
Origin Validation Error
CVE-2023-4350
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 53.29%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 17:07
Updated-13 Feb, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectGoogle LLC
Product-chromeandroiddebian_linuxfedoraChrome
CVE-2017-11305
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-2.47% / 84.64%
||
7 Day CHG~0.00%
Published-13 Dec, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelflash_player_desktop_runtimewindows_8.1windowsenterprise_linux_serverwindows_10flash_playermac_os_xAdobe Flash Player 27.0.0.187 and earlier versions
CVE-2021-21208
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 64.44%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:25
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21212
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.86% / 74.20%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:25
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CVE-2021-21171
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.97% / 75.73%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 17:46
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromeandroidfedoradebian_linuxChrome
CVE-2021-21129
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.99% / 82.85%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 13:56
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromeedge_chromiumChrome
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found