CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome » * * * * : Security Vulnerabilities (Bypass)

Cpe Name:cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-38021 Bypass 2021-12-23 2022-01-15
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
2 CVE-2021-38017 863 Bypass 2021-12-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
3 CVE-2021-38016 863 Bypass 2021-12-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
4 CVE-2021-38015 20 Bypass 2021-12-23 2022-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
5 CVE-2021-38010 Bypass 2021-12-23 2022-01-15
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
6 CVE-2021-37996 20 Bypass 2021-11-02 2022-01-15
4.3
None Remote Medium Not required None Partial None
Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.
7 CVE-2021-37994 Bypass 2021-11-02 2022-01-15
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
8 CVE-2021-37963 Bypass +Info 2021-10-08 2022-01-15
4.3
None Remote Medium Not required Partial None None
Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page.
9 CVE-2021-30589 20 Bypass 2021-08-03 2021-12-08
4.3
None Remote Medium Not required None Partial None
Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link.
10 CVE-2021-30539 863 Bypass 2021-06-07 2021-12-01
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
11 CVE-2021-30538 863 Bypass 2021-06-07 2021-12-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
12 CVE-2021-30537 863 Bypass 2021-06-07 2021-12-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.
13 CVE-2021-30534 863 Bypass 2021-06-07 2021-12-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
14 CVE-2021-30533 863 Bypass 2021-06-07 2021-12-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
15 CVE-2021-30532 863 Bypass 2021-06-07 2021-12-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
16 CVE-2021-30531 863 Bypass 2021-06-07 2021-12-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
17 CVE-2021-21228 863 Bypass 2021-04-30 2021-06-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
18 CVE-2021-21222 787 Overflow Bypass 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
19 CVE-2021-21189 287 Bypass 2021-03-09 2021-12-03
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
20 CVE-2021-21182 863 Bypass 2021-03-09 2021-12-03
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
21 CVE-2021-21174 Bypass 2021-03-09 2021-12-03
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
22 CVE-2021-21141 287 Bypass 2021-02-09 2021-02-25
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.
23 CVE-2021-21139 1021 Bypass 2021-02-09 2021-03-15
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
24 CVE-2021-21133 287 Bypass 2021-02-09 2021-03-08
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.
25 CVE-2021-21131 287 Bypass 2021-02-09 2021-03-04
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
26 CVE-2021-21130 287 Bypass 2021-02-09 2021-03-04
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
27 CVE-2021-21129 287 Bypass 2021-02-09 2021-03-04
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
28 CVE-2021-21127 287 Bypass 2021-02-09 2021-03-04
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.
29 CVE-2021-21126 287 Bypass 2021-02-09 2021-03-04
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.
30 CVE-2021-21125 287 Bypass 2021-02-09 2021-03-08
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
31 CVE-2021-21123 20 Bypass 2021-02-09 2021-03-08
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
32 CVE-2020-16043 Bypass 2021-01-08 2021-03-05
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic.
33 CVE-2020-16036 Bypass 2021-01-08 2021-01-11
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass cookie restrictions via a crafted HTML page.
34 CVE-2020-16034 Bypass 2021-01-08 2021-01-11
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a local attacker to bypass policy restrictions via a crafted HTML page.
35 CVE-2020-16029 862 Bypass 2021-01-08 2021-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in PDFium in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file.
36 CVE-2020-15992 Bypass 2020-11-03 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
37 CVE-2020-15983 20 Bypass 2020-11-03 2021-03-11
4.4
None Local Medium Not required Partial Partial Partial
Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page.
38 CVE-2020-15974 190 Overflow Bypass 2020-11-03 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
39 CVE-2020-15973 Bypass 2020-11-03 2021-03-11
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.
40 CVE-2020-6527 276 Bypass 2020-07-22 2021-03-16
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
41 CVE-2020-6526 Bypass 2020-07-22 2021-01-27
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
42 CVE-2020-6519 Bypass 2020-07-22 2021-03-12
4.3
None Remote Medium Not required None Partial None
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
43 CVE-2020-6516 Bypass 2020-07-22 2021-03-12
4.3
None Remote Medium Not required Partial None None
Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
44 CVE-2020-6504 276 Bypass 2020-06-03 2020-06-04
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page.
45 CVE-2020-6501 276 Bypass 2020-06-03 2020-06-04
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page.
46 CVE-2020-6499 Bypass 2020-06-03 2020-06-04
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page.
47 CVE-2020-6488 276 Bypass 2020-05-21 2020-07-08
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
48 CVE-2020-6487 276 Bypass 2020-05-21 2021-01-27
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
49 CVE-2020-6486 Bypass 2020-05-21 2021-01-27
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
50 CVE-2020-6484 276 Bypass 2020-05-21 2020-07-08
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request.
Total number of vulnerabilities : 261   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.