Vulnerabilities > Google > Chrome > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-06 | CVE-2024-6996 | Race Condition vulnerability in Google Chrome Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. | 3.1 |
| 2023-07-29 | CVE-2022-4923 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. | 3.1 |
| 2021-10-08 | CVE-2021-37964 | Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. | 3.3 |
| 2019-12-10 | CVE-2019-13762 | Improper Locking vulnerability in multiple products Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. | 3.3 |
| 2019-11-25 | CVE-2019-13679 | Incorrect Permission Assignment for Critical Resource vulnerability in Google Chrome Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file. | 3.3 |
| 2018-09-25 | CVE-2018-6053 | Information Exposure vulnerability in multiple products Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page. | 3.3 |
| 2017-10-27 | CVE-2017-5081 | Improper Input Validation vulnerability in multiple products Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files. | 3.3 |
| 2016-09-11 | CVE-2016-5166 | Information Exposure vulnerability in multiple products The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice. | 3.1 |
| 2015-05-21 | CVE-2015-4000 | Cryptographic Issues vulnerability in multiple products The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | 3.7 |