Vulnerabilities > Google > Chrome > 78.0.3904.38
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-30 | CVE-2021-21229 | Origin Validation Error vulnerability in multiple products Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
| 2021-04-30 | CVE-2021-21227 | Out-of-bounds Write vulnerability in multiple products Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-04-30 | CVE-2021-21228 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 4.3 |
| 2021-04-30 | CVE-2021-21233 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-04-30 | CVE-2021-21232 | Use After Free vulnerability in multiple products Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-04-30 | CVE-2021-21231 | Out-of-bounds Write vulnerability in multiple products Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-04-30 | CVE-2021-21230 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-04-26 | CVE-2021-21220 | Out-of-bounds Write vulnerability in multiple products Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-04-26 | CVE-2021-21218 | Use of Uninitialized Resource vulnerability in multiple products Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | 5.5 |
| 2021-04-26 | CVE-2021-21209 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |