Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Filtered by product Chrome
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4923 1 Google 1 Chrome 2023-12-10 N/A 3.1 LOW
Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low)
CVE-2021-37964 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Chrome and 1 more 2023-12-10 4.3 MEDIUM 3.3 LOW
Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file.
CVE-2019-13679 1 Google 1 Chrome 2023-12-10 4.3 MEDIUM 3.3 LOW
Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.
CVE-2019-13762 5 Debian, Fedoraproject, Google and 2 more 8 Debian Linux, Fedora, Chrome and 5 more 2023-12-10 2.1 LOW 3.3 LOW
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.
CVE-2018-6053 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2023-12-10 4.3 MEDIUM 3.3 LOW
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.
CVE-2017-5081 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2023-12-10 2.1 LOW 3.3 LOW
Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.
CVE-2016-5166 2 Google, Opensuse 2 Chrome, Leap 2023-12-10 2.6 LOW 3.1 LOW
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.
CVE-2015-4000 12 Apple, Canonical, Debian and 9 more 25 Iphone Os, Mac Os X, Safari and 22 more 2023-12-10 4.3 MEDIUM 3.7 LOW
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.