CVEdetails.com the ultimate security vulnerability data source

Google » Chrome : Security Vulnerabilities (CVSS score between 4 and 4.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-38004 668 2021-11-23 2021-11-24
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
2 CVE-2021-37999 79 XSS 2021-11-23 2021-11-24
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
3 CVE-2021-37996 20 Bypass 2021-11-02 2021-11-04
4.3
None Remote Medium Not required None Partial None
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.
4 CVE-2021-37995 2021-11-02 2021-11-04
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
5 CVE-2021-37994 Bypass 2021-11-02 2021-11-04
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
6 CVE-2021-37990 2021-11-02 2021-11-04
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.
7 CVE-2021-37989 2021-11-02 2021-11-04
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.
8 CVE-2021-37976 +Info 2021-10-08 2021-11-28
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
9 CVE-2021-37971 1021 2021-10-08 2021-11-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
10 CVE-2021-37968 668 2021-10-08 2021-11-24
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
11 CVE-2021-37967 668 2021-10-08 2021-11-24
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
12 CVE-2021-37965 668 2021-10-08 2021-11-24
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
13 CVE-2021-37963 Bypass +Info 2021-10-08 2021-11-24
4.3
None Remote Medium Not required Partial None None
Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page.
14 CVE-2021-30630 668 2021-10-08 2021-11-23
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
15 CVE-2021-30597 416 2021-08-26 2021-09-24
4.6
None Local Low Not required Partial Partial Partial
Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
16 CVE-2021-30594 416 2021-08-26 2021-09-24
4.6
None Local Low Not required Partial Partial Partial
Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
17 CVE-2021-30589 20 Bypass 2021-08-03 2021-09-24
4.3
None Remote Medium Not required None Partial None
Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link.
18 CVE-2021-30587 2021-08-03 2021-09-24
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
19 CVE-2021-30584 2021-08-03 2021-09-24
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
20 CVE-2021-30582 2021-08-03 2021-09-24
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
21 CVE-2021-30580 863 +Info 2021-08-03 2021-09-24
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page.
22 CVE-2021-30540 20 2021-06-07 2021-07-18
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
23 CVE-2021-30538 863 Bypass 2021-06-07 2021-07-18
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
24 CVE-2021-30537 863 Bypass 2021-06-07 2021-07-18
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.
25 CVE-2021-30534 863 Bypass 2021-06-07 2021-07-18
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
26 CVE-2021-30533 863 Bypass 2021-06-07 2021-07-18
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
27 CVE-2021-30532 863 Bypass 2021-06-07 2021-07-18
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
28 CVE-2021-30531 863 Bypass 2021-06-07 2021-07-18
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
29 CVE-2021-21228 863 Bypass 2021-04-30 2021-06-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
30 CVE-2021-21222 787 Overflow Bypass 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
31 CVE-2021-21221 20 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
32 CVE-2021-21219 200 +Info 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
33 CVE-2021-21218 908 +Info 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
34 CVE-2021-21217 200 +Info 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
35 CVE-2021-21216 290 2021-04-26 2021-06-01
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
36 CVE-2021-21215 290 2021-04-26 2021-06-01
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
37 CVE-2021-21212 2021-04-26 2021-06-01
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.
38 CVE-2021-21211 346 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
39 CVE-2021-21210 668 2021-04-26 2021-06-01
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.
40 CVE-2021-21209 346 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
41 CVE-2021-21208 20 2021-04-26 2021-06-03
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.
42 CVE-2021-21198 125 2021-04-09 2021-06-07
4.3
None Remote Medium Not required Partial None None
Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
43 CVE-2021-21189 287 Bypass 2021-03-09 2021-05-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
44 CVE-2021-21187 2021-03-09 2021-05-01
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
45 CVE-2021-21185 +Info 2021-03-09 2021-05-01
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.
46 CVE-2021-21184 346 2021-03-09 2021-05-01
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
47 CVE-2021-21183 346 2021-03-09 2021-05-01
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
48 CVE-2021-21182 863 Bypass 2021-03-09 2021-05-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
49 CVE-2021-21181 +Info 2021-03-09 2021-05-01
4.3
None Remote Medium Not required Partial None None
Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
50 CVE-2021-21177 287 +Info 2021-03-09 2021-05-01
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Total number of vulnerabilities: 644 (page 1 of 13)