RSS   Vulnerabilities for 'Chrome'   RSS

2021-04-30
 
CVE-2021-21232

CWE-416
 

 
Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

 
 
CVE-2021-21231

CWE-345
 

 
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

 
 
CVE-2021-21230

CWE-843
 

 
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

 
 
CVE-2021-21228

CWE-863
 

 
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

 
 
CVE-2021-21227

CWE-787
 

 
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

 
2021-04-26
 
CVE-2021-21218

CWE-908
 

 
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

 
 
CVE-2021-21217

CWE-200
 

 
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

 
 
CVE-2021-21216

CWE-290
 

 
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

 
 
CVE-2021-21215

CWE-290
 

 
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

 
 
CVE-2021-21202

CWE-416
 

 
Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

 


Copyright 2021, cxsecurity.com

 

Back to Top