CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome » * * * * : Security Vulnerabilities Published In 2019 (Bypass)

Cpe Name:cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-13754 Bypass 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
2 CVE-2019-13750 20 Bypass 2019-12-10 2020-08-06
4.3
None Remote Medium Not required Partial None None
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.
3 CVE-2019-13741 79 XSS Bypass 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.
4 CVE-2019-13738 269 Bypass 2019-12-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.
5 CVE-2019-13727 281 Bypass 2019-12-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
6 CVE-2019-13716 863 Bypass 2019-11-25 2020-01-13
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
7 CVE-2019-13710 Bypass 2019-11-25 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
8 CVE-2019-13709 290 Bypass 2019-11-25 2020-01-13
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
9 CVE-2019-13704 290 Bypass 2019-11-25 2020-01-13
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page.
10 CVE-2019-13692 20 Bypass 2019-11-25 2019-11-27
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
11 CVE-2019-13682 281 Bypass 2019-11-25 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
12 CVE-2019-13681 732 Bypass 2019-11-25 2019-12-03
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
13 CVE-2019-13677 732 Bypass 2019-11-25 2019-12-02
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
14 CVE-2019-13665 732 Bypass 2019-11-25 2019-12-02
4.3
None Remote Medium Not required None Partial None
Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.
15 CVE-2019-13664 346 Bypass 2019-11-25 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
16 CVE-2019-13662 276 Bypass 2019-11-25 2020-08-24
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
17 CVE-2019-5865 20 Bypass 2019-11-25 2021-07-21
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
18 CVE-2019-5864 20 Bypass 2019-11-25 2021-07-21
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
19 CVE-2019-5862 20 Bypass 2019-11-25 2019-12-02
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
20 CVE-2019-5861 1021 Bypass 2019-11-25 2019-12-02
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page.
21 CVE-2019-5856 20 Bypass 2019-11-25 2019-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
22 CVE-2019-5839 20 Bypass 2019-06-27 2019-07-25
4.3
None Remote Medium Not required None Partial None
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.
23 CVE-2019-5838 20 Bypass 2019-06-27 2021-07-21
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
24 CVE-2019-5823 601 Bypass 2019-06-27 2019-07-25
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
25 CVE-2019-5822 284 Bypass 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
26 CVE-2019-5811 19 Bypass 2019-06-27 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
27 CVE-2019-5803 20 Bypass 2019-05-23 2019-06-28
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
28 CVE-2019-5800 20 Bypass 2019-05-23 2019-06-28
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
29 CVE-2019-5799 20 Bypass 2019-05-23 2019-06-28
4.3
None Remote Medium Not required None Partial None
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
30 CVE-2019-5779 862 Bypass 2019-02-19 2020-08-24
4.3
None Remote Medium Not required Partial None None
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
31 CVE-2019-5778 79 XSS Bypass 2019-02-19 2019-04-18
4.3
None Remote Medium Not required None Partial None
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.
32 CVE-2019-5773 20 Bypass 2019-02-19 2021-07-21
4.3
None Remote Medium Not required None Partial None
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
33 CVE-2018-16087 732 Bypass 2019-01-09 2020-08-24
4.3
None Remote Medium Not required Partial None None
Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
34 CVE-2018-16086 285 Bypass 2019-06-27 2019-07-01
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
35 CVE-2018-16077 285 Bypass 2019-06-27 2019-07-03
4.3
None Remote Medium Not required None Partial None
Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page.
36 CVE-2018-16074 285 Bypass 2019-06-27 2019-07-01
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
37 CVE-2018-16073 285 Bypass 2019-06-27 2019-07-01
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
38 CVE-2018-16072 346 Bypass 2019-01-09 2019-10-03
4.3
None Remote Medium Not required Partial None None
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
39 CVE-2018-16064 20 Bypass 2019-06-27 2019-06-28
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
40 CVE-2018-6161 20 Bypass 2019-06-27 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
41 CVE-2018-6148 93 Bypass 2019-06-27 2019-07-02
4.3
None Remote Medium Not required None Partial None
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
42 CVE-2018-6145 79 XSS Bypass 2019-06-27 2019-07-02
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
43 CVE-2018-6138 20 Bypass 2019-06-27 2019-06-28
5.8
None Remote Medium Not required Partial Partial None
Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
44 CVE-2018-6134 200 Bypass +Info 2019-06-27 2019-06-27
4.3
None Remote Medium Not required Partial None None
Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page.
45 CVE-2018-6114 20 Bypass 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
46 CVE-2018-6112 706 Bypass 2019-01-09 2019-10-03
4.3
None Remote Medium Not required Partial None None
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Total number of vulnerabilities : 46   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.