Vulnerabilities > Google > Chrome > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-09 | CVE-2021-21135 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2021-02-09 | CVE-2021-21134 | Authentication Bypass by Spoofing vulnerability in multiple products Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page. | 6.5 |
| 2021-02-09 | CVE-2021-21133 | Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page. | 6.5 |
| 2021-02-09 | CVE-2021-21131 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | 6.5 |
| 2021-02-09 | CVE-2021-21130 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | 6.5 |
| 2021-02-09 | CVE-2021-21129 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | 6.5 |
| 2021-02-09 | CVE-2021-21126 | Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. | 6.5 |
| 2021-02-09 | CVE-2021-21123 | Improper Input Validation vulnerability in multiple products Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. | 6.5 |
| 2021-01-14 | CVE-2020-16046 | Cross-site Scripting vulnerability in Google Chrome Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 6.1 |
| 2021-01-08 | CVE-2020-16042 | Use of Uninitialized Resource vulnerability in Google Chrome Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |