Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 12 SP3 package chromium, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (200)
CVE-2019-5850 — CVSS 9.6 (critical): Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to…
CVE-2019-5870 — CVSS 9.6 (critical): Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a…
CVE-2019-13727 — CVSS 8.8 (high): Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy…
CVE-2019-13682 — CVSS 8.8 (high): Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass…
CVE-2019-13685 — CVSS 8.8 (high): Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via…
CVE-2019-13686 — CVSS 8.8 (high): Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via…
CVE-2019-13687 — CVSS 8.8 (high): Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13688 — CVSS 8.8 (high): Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13693 — CVSS 8.8 (high): Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to…
CVE-2019-13694 — CVSS 8.8 (high): Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13695 — CVSS 8.8 (high): Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption…
CVE-2019-13696 — CVSS 8.8 (high): Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13699 — CVSS 8.8 (high): Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to…
CVE-2019-13700 — CVSS 8.8 (high): Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the…
CVE-2019-13721 — CVSS 8.8 (high): Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13723 — CVSS 8.8 (high): Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process…
CVE-2019-13724 — CVSS 8.8 (high): Out of bounds memory access in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the…
CVE-2019-13725 — CVSS 8.8 (high): Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML…
CVE-2019-13726 — CVSS 8.8 (high): Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a…
CVE-2019-13728 — CVSS 8.8 (high): Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption…
CVE-2019-13729 — CVSS 8.8 (high): Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13730 — CVSS 8.8 (high): Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13732 — CVSS 8.8 (high): Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13734 — CVSS 8.8 (high): Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13735 — CVSS 8.8 (high): Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a…
CVE-2019-13736 — CVSS 8.8 (high): Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13741 — CVSS 8.8 (high): Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin…
CVE-2019-13747 — CVSS 8.8 (high): Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap…
CVE-2019-13764 — CVSS 8.8 (high): Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-13767 — CVSS 8.8 (high): Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to…
CVE-2019-5787 — CVSS 8.8 (high): Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap…
CVE-2019-5788 — CVSS 8.8 (high): An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote…
CVE-2019-5789 — CVSS 8.8 (high): An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker…
CVE-2019-5790 — CVSS 8.8 (high): An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote…
CVE-2019-5791 — CVSS 8.8 (high): Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read…
CVE-2019-5792 — CVSS 8.8 (high): Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory…
CVE-2019-5795 — CVSS 8.8 (high): Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory…
CVE-2019-5806 — CVSS 8.8 (high): Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap…
CVE-2019-5807 — CVSS 8.8 (high): Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5808 — CVSS 8.8 (high): Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5809 — CVSS 8.8 (high): Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process…
CVE-2019-5811 — CVSS 8.8 (high): Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy…
CVE-2019-5813 — CVSS 8.8 (high): Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted…
CVE-2019-5816 — CVSS 8.8 (high): Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an…
CVE-2019-5817 — CVSS 8.8 (high): Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap…
CVE-2019-5820 — CVSS 8.8 (high): Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5821 — CVSS 8.8 (high): Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5822 — CVSS 8.8 (high): Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a…
CVE-2019-5824 — CVSS 8.8 (high): Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption…
CVE-2019-5827 — CVSS 8.8 (high): Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap…
CVE-2019-5828 — CVSS 8.8 (high): Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of…
CVE-2019-5829 — CVSS 8.8 (high): Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds…
CVE-2019-5831 — CVSS 8.8 (high): Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5836 — CVSS 8.8 (high): Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5851 — CVSS 8.8 (high): Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5853 — CVSS 8.8 (high): Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap…
CVE-2019-5854 — CVSS 8.8 (high): Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5856 — CVSS 8.8 (high): Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the…
CVE-2019-5858 — CVSS 8.8 (high): Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute…
CVE-2019-5859 — CVSS 8.8 (high): Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation…
CVE-2019-5871 — CVSS 8.8 (high): Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5874 — CVSS 8.8 (high): Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation…
CVE-2019-5876 — CVSS 8.8 (high): Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption…
CVE-2019-5877 — CVSS 8.8 (high): Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap…
CVE-2019-5878 — CVSS 8.8 (high): Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted…
CVE-2020-6377 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6378 — CVSS 8.8 (high): Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6379 — CVSS 8.8 (high): Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted…
CVE-2020-6380 — CVSS 8.8 (high): Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the…
CVE-2020-6381 — CVSS 8.8 (high): Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially…
CVE-2020-6382 — CVSS 8.8 (high): Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6385 — CVSS 8.8 (high): Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a…
CVE-2020-6387 — CVSS 8.8 (high): Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6388 — CVSS 8.8 (high): Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption…
CVE-2020-6389 — CVSS 8.8 (high): Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6390 — CVSS 8.8 (high): Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap…
CVE-2020-6398 — CVSS 8.8 (high): Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption…
CVE-2020-6402 — CVSS 8.8 (high): Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to…
CVE-2020-6404 — CVSS 8.8 (high): Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap…
CVE-2020-6406 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6407 — CVSS 8.8 (high): Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap…
CVE-2020-6409 — CVSS 8.8 (high): Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a…
CVE-2020-6410 — CVSS 8.8 (high): Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a…
CVE-2020-6413 — CVSS 8.8 (high): Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a…
CVE-2020-6414 — CVSS 8.8 (high): Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation…
CVE-2020-6415 — CVSS 8.8 (high): Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap…
CVE-2020-6416 — CVSS 8.8 (high): Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap…
CVE-2020-6420 — CVSS 8.8 (high): Insufficient policy enforcement in media in Google Chrome prior to 80.0.3987.132 allowed a remote attacker to bypass same origin policy via…
CVE-2020-6422 — CVSS 8.8 (high): Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6424 — CVSS 8.8 (high): Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6427 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6428 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6429 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6449 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6450 — CVSS 8.8 (high): Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6451 — CVSS 8.8 (high): Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6452 — CVSS 8.8 (high): Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via…
CVE-2019-5881 — CVSS 8.1 (high): Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive…
CVE-2019-13702 — CVSS 7.8 (high): Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege…
CVE-2019-13706 — CVSS 7.8 (high): Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap…
CVE-2020-6417 — CVSS 7.8 (high): Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a…
CVE-2019-5819 — CVSS 7.8 (high): Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute…
CVE-2019-5815 — CVSS 7.5 (high): Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via…
CVE-2019-19923 — CVSS 7.5 (high): flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side…
CVE-2019-5796 — CVSS 7.5 (high): Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption…
CVE-2019-15903 — CVSS 7.5 (high): In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a…
CVE-2019-19880 — CVSS 7.5 (high): exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values…
CVE-2019-18197 — CVSS 7.5 (high): In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area…
CVE-2019-19926 — CVSS 7.5 (high): multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite()…
CVE-2019-5797 — CVSS 7.5 (high): Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-19925 — CVSS 7.5 (high): zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
CVE-2019-13666 — CVSS 7.4 (high): Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML…
CVE-2019-13668 — CVSS 7.4 (high): Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin…
CVE-2019-5880 — CVSS 7.4 (high): Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a…
CVE-2019-13673 — CVSS 7.4 (high): Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data…
CVE-2019-5812 — CVSS 6.5 (medium): Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted…
CVE-2019-5814 — CVSS 6.5 (medium): Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a…
CVE-2020-6397 — CVSS 6.5 (medium): Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted…
CVE-2019-5879 — CVSS 6.5 (medium): Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a…
CVE-2019-5818 — CVSS 6.5 (medium): Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information…
CVE-2020-6399 — CVSS 6.5 (medium): Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via…
CVE-2020-6400 — CVSS 6.5 (medium): Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a…
CVE-2020-6401 — CVSS 6.5 (medium): Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain…
CVE-2019-13750 — CVSS 6.5 (medium): Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures…
CVE-2019-5865 — CVSS 6.5 (medium): Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the…
CVE-2019-5867 — CVSS 6.5 (medium): Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption…
CVE-2019-5869 — CVSS 6.5 (medium): Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5793 — CVSS 6.5 (medium): Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions…
CVE-2019-5794 — CVSS 6.5 (medium): Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain…
CVE-2019-5798 — CVSS 6.5 (medium): Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory…
CVE-2019-5799 — CVSS 6.5 (medium): Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote…
CVE-2019-5800 — CVSS 6.5 (medium): Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy…
CVE-2019-5801 — CVSS 6.5 (medium): Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via…
CVE-2019-5802 — CVSS 6.5 (medium): Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain…
CVE-2019-5803 — CVSS 6.5 (medium): Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass…
CVE-2019-5805 — CVSS 6.5 (medium): Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6393 — CVSS 6.5 (medium): Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a…
CVE-2019-5872 — CVSS 6.5 (medium): Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5810 — CVSS 6.5 (medium): Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information…
CVE-2020-6395 — CVSS 6.5 (medium): Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive…
CVE-2019-5830 — CVSS 6.5 (medium): Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a…
CVE-2019-13662 — CVSS 6.5 (medium): Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security…
CVE-2019-13664 — CVSS 6.5 (medium): Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy…
CVE-2019-13665 — CVSS 6.5 (medium): Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download…
CVE-2019-13670 — CVSS 6.5 (medium): Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap…
CVE-2019-13677 — CVSS 6.5 (medium): Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation…
CVE-2019-13678 — CVSS 6.5 (medium): Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a…
CVE-2019-5832 — CVSS 6.5 (medium): Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin…
CVE-2019-13683 — CVSS 6.5 (medium): Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin…
CVE-2019-5834 — CVSS 6.5 (medium): Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a…
CVE-2019-5835 — CVSS 6.5 (medium): Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds…
CVE-2019-5837 — CVSS 6.5 (medium): Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a…
CVE-2019-13697 — CVSS 6.5 (medium): Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin…
CVE-2019-5842 — CVSS 6.5 (medium): Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5844 — CVSS 6.5 (medium): Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption…
CVE-2019-13709 — CVSS 6.5 (medium): Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download…
CVE-2019-13713 — CVSS 6.5 (medium): Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data…
CVE-2019-5845 — CVSS 6.5 (medium): Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption…
CVE-2019-5846 — CVSS 6.5 (medium): Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption…
CVE-2019-5847 — CVSS 6.5 (medium): Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap…
CVE-2019-5848 — CVSS 6.5 (medium): Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive…
CVE-2020-6405 — CVSS 6.5 (medium): Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information…
CVE-2019-5852 — CVSS 6.5 (medium): Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive…
CVE-2020-6426 — CVSS 6.5 (medium): Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption…
CVE-2019-5855 — CVSS 6.5 (medium): Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6408 — CVSS 6.5 (medium): Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive…
CVE-2019-5857 — CVSS 6.5 (medium): Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object…
CVE-2019-13737 — CVSS 6.5 (medium): Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially…
CVE-2019-13738 — CVSS 6.5 (medium): Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via…
CVE-2019-13739 — CVSS 6.5 (medium): Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via…
CVE-2019-13740 — CVSS 6.5 (medium): Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted…
CVE-2019-13742 — CVSS 6.5 (medium): Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the…
CVE-2019-13743 — CVSS 6.5 (medium): Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI…
CVE-2019-13744 — CVSS 6.5 (medium): Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a…
CVE-2019-13745 — CVSS 6.5 (medium): Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a…
CVE-2019-13746 — CVSS 6.5 (medium): Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the…
CVE-2019-13748 — CVSS 6.5 (medium): Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially…
CVE-2019-13749 — CVSS 6.5 (medium): Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the…
CVE-2019-13751 — CVSS 6.5 (medium): Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information…
CVE-2019-13752 — CVSS 6.5 (medium): Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information…
CVE-2019-13753 — CVSS 6.5 (medium): Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information…
CVE-2019-5862 — CVSS 6.5 (medium): Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer…
CVE-2019-13714 — CVSS 6.1 (medium): Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to…
CVE-2019-5868 — CVSS 5.5 (medium): Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2019-5860 — CVSS 5.5 (medium): Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2018-20073 — CVSS 5.5 (medium): Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the…
CVE-2019-13707 — CVSS 5.5 (medium): Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak…
CVE-2019-5804 — CVSS 5.5 (medium): Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via…
CVE-2020-6394 — CVSS 5.4 (medium): Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy…
CVE-2020-6425 — CVSS 5.4 (medium): Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a…
CVE-2020-6411 — CVSS 5.4 (medium): Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain…
CVE-2019-5823 — CVSS 5.4 (medium): Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation…
CVE-2020-6412 — CVSS 5.4 (medium): Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain…
CVE-2019-13680 — CVSS 5.3 (medium): Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites…
CVE-2019-13660 — CVSS 5.3 (medium): UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
CVE-2019-13711 — CVSS 5.3 (medium): Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data…
CVE-2019-13661 — CVSS 4.3 (medium): UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.