chromium (SUSE:Package Hub 12) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 12 package chromium, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (132)
CVE-2016-5146 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have…
CVE-2016-5144 — CVSS 9.8 (critical): The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname…
CVE-2016-5140 — CVSS 9.8 (critical): Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before…
CVE-2016-5178 — CVSS 9.8 (critical): Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly…
CVE-2016-5143 — CVSS 9.8 (critical): The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname…
CVE-2016-5142 — CVSS 9.8 (critical): The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy…
CVE-2016-1706 — CVSS 9.6 (critical): The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process…
CVE-2020-6416 — CVSS 8.8 (high): Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap…
CVE-2016-5128 — CVSS 8.8 (high): objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a…
CVE-2016-5129 — CVSS 8.8 (high): Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows…
CVE-2020-6415 — CVSS 8.8 (high): Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap…
CVE-2016-5131 — CVSS 8.8 (high): Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a…
CVE-2016-5132 — CVSS 8.8 (high): The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during…
CVE-2020-6414 — CVSS 8.8 (high): Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation…
CVE-2016-5134 — CVSS 8.8 (high): net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information…
CVE-2020-6413 — CVSS 8.8 (high): Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a…
CVE-2016-5136 — CVSS 8.8 (high): Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before…
CVE-2020-6410 — CVSS 8.8 (high): Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a…
CVE-2020-6409 — CVSS 8.8 (high): Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a…
CVE-2020-6406 — CVSS 8.8 (high): Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2016-5145 — CVSS 8.8 (high): Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation…
CVE-2020-6404 — CVSS 8.8 (high): Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap…
CVE-2020-6402 — CVSS 8.8 (high): Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to…
CVE-2016-5149 — CVSS 8.8 (high): The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME…
CVE-2016-5150 — CVSS 8.8 (high): WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and…
CVE-2016-5151 — CVSS 8.8 (high): PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote…
CVE-2016-5152 — CVSS 8.8 (high): Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89…
CVE-2016-5153 — CVSS 8.8 (high): The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on…
CVE-2016-5154 — CVSS 8.8 (high): Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on…
CVE-2020-6398 — CVSS 8.8 (high): Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption…
CVE-2016-5156 — CVSS 8.8 (high): extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before…
CVE-2016-5157 — CVSS 8.8 (high): Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before…
CVE-2016-5158 — CVSS 8.8 (high): Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89…
CVE-2016-5159 — CVSS 8.8 (high): Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92…
CVE-2020-6390 — CVSS 8.8 (high): Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap…
CVE-2016-5161 — CVSS 8.8 (high): The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89…
CVE-2020-6389 — CVSS 8.8 (high): Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6388 — CVSS 8.8 (high): Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption…
CVE-2020-6387 — CVSS 8.8 (high): Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-6385 — CVSS 8.8 (high): Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a…
CVE-2020-6382 — CVSS 8.8 (high): Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2016-5170 — CVSS 8.8 (high): WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly…
CVE-2016-5171 — CVSS 8.8 (high): WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain…
CVE-2020-6381 — CVSS 8.8 (high): Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially…
CVE-2018-6406 — CVSS 8.8 (high): The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data…
CVE-2018-6054 — CVSS 8.8 (high): Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2016-5175 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have…
CVE-2016-5177 — CVSS 8.8 (high): Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or…
CVE-2018-6043 — CVSS 8.8 (high): Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially…
CVE-2016-5182 — CVSS 8.8 (high): Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap…
CVE-2016-5183 — CVSS 8.8 (high): A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a…
CVE-2016-5184 — CVSS 8.8 (high): PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles…
CVE-2016-5185 — CVSS 8.8 (high): Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of…
CVE-2018-6035 — CVSS 8.8 (high): Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user…
CVE-2018-6031 — CVSS 8.8 (high): Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2016-1705 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have…
CVE-2016-1704 — CVSS 8.8 (high): Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have…
CVE-2016-1708 — CVSS 8.8 (high): The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly…
CVE-2016-1709 — CVSS 8.8 (high): Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome…
CVE-2016-1710 — CVSS 8.8 (high): The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82…
CVE-2016-1711 — CVSS 8.8 (high): WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during…
CVE-2018-6033 — CVSS 8.8 (high): Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary…
CVE-2018-6034 — CVSS 8.1 (high): Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory…
CVE-2020-6417 — CVSS 7.8 (high): Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a…
CVE-2016-5139 — CVSS 7.6 (high): Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116…
CVE-2016-5141 — CVSS 7.5 (high): Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional…
CVE-2019-19926 — CVSS 7.5 (high): multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite()…
CVE-2016-5127 — CVSS 7.5 (high): Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows…
CVE-2019-19925 — CVSS 7.5 (high): zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
CVE-2019-18197 — CVSS 7.5 (high): In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area…
CVE-2019-19880 — CVSS 7.5 (high): exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values…
CVE-2019-19923 — CVSS 7.5 (high): flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side…
CVE-2016-5173 — CVSS 7.1 (high): The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote…
CVE-2018-6036 — CVSS 6.5 (medium): Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a…
CVE-2018-6037 — CVSS 6.5 (medium): Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with…
CVE-2018-6038 — CVSS 6.5 (medium): Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via…
CVE-2016-5192 — CVSS 6.5 (medium): Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote…
CVE-2018-6040 — CVSS 6.5 (medium): Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content…
CVE-2016-5135 — CVSS 6.5 (medium): WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider…
CVE-2016-1707 — CVSS 6.5 (medium): ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with…
CVE-2018-6045 — CVSS 6.5 (medium): Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user…
CVE-2020-6408 — CVSS 6.5 (medium): Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive…
CVE-2018-6049 — CVSS 6.5 (medium): Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which…
CVE-2018-6050 — CVSS 6.5 (medium): Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox…
CVE-2020-6405 — CVSS 6.5 (medium): Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information…
CVE-2020-6401 — CVSS 6.5 (medium): Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain…
CVE-2020-6400 — CVSS 6.5 (medium): Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a…
CVE-2016-5174 — CVSS 6.5 (medium): browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests…
CVE-2016-5155 — CVSS 6.5 (medium): Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial…
CVE-2016-5162 — CVSS 6.5 (medium): The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and…
CVE-2016-5160 — CVSS 6.5 (medium): The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and…
CVE-2020-6397 — CVSS 6.5 (medium): Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted…
CVE-2020-6395 — CVSS 6.5 (medium): Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive…
CVE-2020-6393 — CVSS 6.5 (medium): Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a…
CVE-2018-6032 — CVSS 6.5 (medium): Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user…
CVE-2016-5187 — CVSS 6.5 (medium): Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a…
CVE-2016-5130 — CVSS 6.5 (medium): content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript…
CVE-2016-5189 — CVSS 6.5 (medium): Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with…
CVE-2016-5172 — CVSS 6.5 (medium): The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain…
CVE-2020-6399 — CVSS 6.5 (medium): Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via…
CVE-2017-15420 — CVSS 6.5 (medium): Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to…
CVE-2016-5190 — CVSS 6.3 (medium): Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during…
CVE-2016-5191 — CVSS 6.1 (medium): Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation…
CVE-2018-6039 — CVSS 6.1 (medium): Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user…
CVE-2016-5181 — CVSS 6.1 (medium): Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks…
CVE-2018-6046 — CVSS 6.1 (medium): Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user…
CVE-2016-5165 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows…
CVE-2016-5164 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before…
CVE-2016-5148 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92…
CVE-2016-5147 — CVSS 6.1 (medium): Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads…
CVE-2020-6394 — CVSS 5.4 (medium): Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy…
CVE-2020-6411 — CVSS 5.4 (medium): Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain…
CVE-2020-6412 — CVSS 5.4 (medium): Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain…
CVE-2016-5186 — CVSS 5.3 (medium): Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a…
CVE-2016-5133 — CVSS 5.3 (medium): Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to…
CVE-2020-6403 — CVSS 4.3 (medium): Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the…
CVE-2016-5193 — CVSS 4.3 (medium): Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass…
CVE-2018-6051 — CVSS 4.3 (medium): XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which…
CVE-2018-6048 — CVSS 4.3 (medium): Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer…
CVE-2018-6047 — CVSS 4.3 (medium): Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user…
CVE-2018-6042 — CVSS 4.3 (medium): Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox…
CVE-2016-5137 — CVSS 4.3 (medium): The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in…
CVE-2018-6041 — CVSS 4.3 (medium): Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox…
CVE-2020-6392 — CVSS 4.3 (medium): Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a…
CVE-2020-6391 — CVSS 4.3 (medium): Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content…
CVE-2016-5163 — CVSS 4.3 (medium): The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not…
CVE-2018-6052 — CVSS 4.3 (medium): Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to…
CVE-2016-5188 — CVSS 4.3 (medium): Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts…
CVE-2020-6396 — CVSS 4.3 (medium): Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox…
CVE-2018-6053 — CVSS 3.3 (low): Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail…
CVE-2016-5166 — CVSS 3.1 (low): The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly…