Vulnerabilities > Google > Chrome > 23.0.1271.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-21 | CVE-2020-6477 | Link Following vulnerability in multiple products Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. | 7.8 |
2020-05-21 | CVE-2020-6476 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 6.5 |
2020-05-21 | CVE-2020-6475 | Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. | 6.5 |
2020-05-21 | CVE-2020-6474 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-05-21 | CVE-2020-6473 | Information Exposure Through Discrepancy vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2020-05-21 | CVE-2020-6472 | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension. | 6.5 |
2020-05-21 | CVE-2020-6471 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 9.6 |
2020-05-21 | CVE-2020-6470 | Cross-site Scripting vulnerability in multiple products Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents. | 6.1 |
2020-05-21 | CVE-2020-6469 | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 9.6 |
2020-05-21 | CVE-2020-6468 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |