Vulnerabilities > Google > Chrome > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-07 | CVE-2021-30538 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 4.3 |
| 2021-06-07 | CVE-2021-30539 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 5.4 |
| 2021-06-07 | CVE-2021-30540 | Injection vulnerability in multiple products Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
| 2021-04-30 | CVE-2021-21229 | Origin Validation Error vulnerability in multiple products Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 6.5 |
| 2021-04-30 | CVE-2021-21228 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 4.3 |
| 2021-04-26 | CVE-2021-21218 | Use of Uninitialized Resource vulnerability in multiple products Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | 5.5 |
| 2021-04-26 | CVE-2021-21211 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2021-04-26 | CVE-2021-21209 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2021-04-26 | CVE-2021-21219 | Unchecked Return Value vulnerability in multiple products Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | 5.5 |
| 2021-04-26 | CVE-2021-21217 | Unchecked Return Value vulnerability in multiple products Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | 5.5 |