Vulnerabilities > Google > Chrome > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-23 | CVE-2021-38019 | Always-Incorrect Control Flow Implementation vulnerability in multiple products Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2021-12-23 | CVE-2021-38020 | Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
| 2021-12-23 | CVE-2021-38021 | Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 6.5 |
| 2021-12-23 | CVE-2021-38022 | Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2021-12-23 | CVE-2021-4054 | Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
| 2021-12-23 | CVE-2021-4059 | Improper Input Validation vulnerability in multiple products Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2021-12-23 | CVE-2021-4068 | Improper Encoding or Escaping of Output vulnerability in multiple products Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2021-11-23 | CVE-2021-37999 | Cross-site Scripting vulnerability in multiple products Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. | 6.1 |
| 2021-11-23 | CVE-2021-38000 | Open Redirect vulnerability in multiple products Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. | 6.1 |
| 2021-11-23 | CVE-2021-38004 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 4.3 |