Vulnerabilities > Google > Chrome > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-11-23 CVE-2021-38004 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian CWE-668
4.3
4.3
2021-11-02 CVE-2018-6125 Unspecified vulnerability in Google Chrome
Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.
network
low complexity
google
6.5
6.5
2021-11-02 CVE-2021-37989 Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.
network
low complexity
google debian
6.5
6.5
2021-11-02 CVE-2021-37990 Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.
local
low complexity
google debian
5.5
5.5
2021-11-02 CVE-2021-37994 Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian
6.5
6.5
2021-11-02 CVE-2021-37995 Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google debian
6.5
6.5
2021-11-02 CVE-2021-37996 Improper Input Validation vulnerability in multiple products
Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.
local
low complexity
google debian CWE-20
5.5
5.5
2021-10-08 CVE-2021-37958 Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.
network
low complexity
google fedoraproject debian
5.4
5.4
2021-10-08 CVE-2021-37963 Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page.
network
low complexity
google fedoraproject debian
4.3
4.3
2021-10-08 CVE-2021-37965 Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google fedoraproject debian
4.3
4.3