Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2023-29350 7.5 - High - May 05, 2023

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2023-29354 4.7 - Medium - May 05, 2023

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2023-29334 4.3 - Medium - April 28, 2023

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2023-28261 8.1 - High - April 27, 2023

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2023-28286 6.1 - Medium - April 27, 2023

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2023-24935 6.1 - Medium - April 11, 2023

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Open Redirect

Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability

CVE-2023-24892 8.2 - High - March 14, 2023

Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability

Open Redirect

Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE-2023-21720 5.3 - Medium - February 14, 2023

Microsoft Edge (Chromium-based) Tampering Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2023-21794 4.3 - Medium - February 14, 2023

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Authentication Bypass by Spoofing

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2023-21795 8.3 - High - January 24, 2023

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2023-21796 8.3 - High - January 24, 2023

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2023-21775 8.3 - High - January 24, 2023

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.

CVE-2023-21719 6.5 - Medium - January 24, 2023

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.

AuthZ

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.

CVE-2022-44708 8.3 - High - December 13, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.

Improper Privilege Management

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2022-44688 4.3 - Medium - December 13, 2022

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability.

CVE-2022-41115 6.6 - Medium - December 13, 2022

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability.

Improper Privilege Management

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121

CVE-2022-4135 9.6 - Critical - November 25, 2022

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Microsoft Edge (Chromium-based) Spoofing Vulnerability.

CVE-2022-41035 5.3 - Medium - October 11, 2022

Microsoft Edge (Chromium-based) Spoofing Vulnerability.

Race Condition

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2022-38012 7.7 - High - September 13, 2022

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.

CVE-2022-35796 7.5 - High - August 09, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.

Race Condition

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

CVE-2022-33636 8.3 - High - August 09, 2022

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

Race Condition

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.

CVE-2022-33649 9.6 - Critical - August 09, 2022

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-33680 8.3 - High - July 07, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-30192 8.3 - High - June 29, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-33639 8.3 - High - June 29, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-33638 8.3 - High - June 29, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639.

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

CVE-2022-22021 8.3 - High - June 15, 2022

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

Microsoft Edge (Chromium-based) Spoofing Vulnerability.

CVE-2022-26905 4.3 - Medium - June 01, 2022

Microsoft Edge (Chromium-based) Spoofing Vulnerability.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-30127 8.3 - High - June 01, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128.

Race Condition

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-30128 8.3 - High - June 01, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127.

Race Condition

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-26895 8.3 - High - April 05, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-26912 8.3 - High - April 05, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-26909 8.3 - High - April 05, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26912.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-26908 8.3 - High - April 05, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909, CVE-2022-26912.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-26900 8.3 - High - April 05, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-26894 8.3 - High - April 05, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-26891 8.3 - High - April 05, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.

Improper Privilege Management

Microsoft Edge (Chromium-based) Spoofing Vulnerability.

CVE-2022-24523 4.3 - Medium - April 05, 2022

Microsoft Edge (Chromium-based) Spoofing Vulnerability.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-24475 8.3 - High - April 05, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.

Improper Privilege Management

Microsoft Edge (Chromium-based) Tampering Vulnerability.

CVE-2022-23261 5.3 - Medium - February 07, 2022

Microsoft Edge (Chromium-based) Tampering Vulnerability.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-23262 6.3 - Medium - February 07, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-23263 7.7 - High - February 07, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-21970 6.1 - Medium - January 11, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21954.

Improper Privilege Management

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-21954 6.1 - Medium - January 11, 2022

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21970.

Improper Privilege Management

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2022-21931 4.2 - Medium - January 11, 2022

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21929, CVE-2022-21930.

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2022-21930 4.2 - Medium - January 11, 2022

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21929, CVE-2022-21931.

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2022-21929 2.5 - Low - January 11, 2022

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21930, CVE-2022-21931.

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2021-43221 4.2 - Medium - November 24, 2021

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Code Injection

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2021-42308 7.5 - High - November 24, 2021

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Authentication Bypass by Spoofing

Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE-2021-38669 8.8 - High - September 15, 2021

Microsoft Edge (Chromium-based) Tampering Vulnerability

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

CVE-2021-30615 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

Chromium: CVE-2021-30624 Use after free in Autofill

CVE-2021-30624 8.8 - High - September 03, 2021

Chromium: CVE-2021-30624 Use after free in Autofill

Dangling pointer

Chromium: CVE-2021-30623 Use after free in Bookmarks

CVE-2021-30623 8.8 - High - September 03, 2021

Chromium: CVE-2021-30623 Use after free in Bookmarks

Dangling pointer

Chromium: CVE-2021-30622 Use after free in WebApp Installs

CVE-2021-30622 8.8 - High - September 03, 2021

Chromium: CVE-2021-30622 Use after free in WebApp Installs

Dangling pointer

Chromium: CVE-2021-30621 UI Spoofing in Autofill

CVE-2021-30621 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30621 UI Spoofing in Autofill

Authentication Bypass by Spoofing

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

CVE-2021-30620 8.8 - High - September 03, 2021

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

Chromium: CVE-2021-30619 UI Spoofing in Autofill

CVE-2021-30619 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30619 UI Spoofing in Autofill

Authentication Bypass by Spoofing

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

CVE-2021-30618 8.8 - High - September 03, 2021

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

Chromium: CVE-2021-30617 Policy bypass in Blink

CVE-2021-30617 6.5 - Medium - September 03, 2021

Chromium: CVE-2021-30617 Policy bypass in Blink

Chromium: CVE-2021-30616 Use after free in Media

CVE-2021-30616 8.8 - High - September 03, 2021

Chromium: CVE-2021-30616 Use after free in Media

Dangling pointer

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

CVE-2021-30614 8.8 - High - September 03, 2021

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

Memory Corruption

Chromium: CVE-2021-30613 Use after free in Base internals

CVE-2021-30613 8.8 - High - September 03, 2021

Chromium: CVE-2021-30613 Use after free in Base internals

Dangling pointer

Chromium: CVE-2021-30612 Use after free in WebRTC

CVE-2021-30612 8.8 - High - September 03, 2021

Chromium: CVE-2021-30612 Use after free in WebRTC

Dangling pointer

Chromium: CVE-2021-30611 Use after free in WebRTC

CVE-2021-30611 8.8 - High - September 03, 2021

Chromium: CVE-2021-30611 Use after free in WebRTC

Dangling pointer

Chromium: CVE-2021-30610 Use after free in Extensions API

CVE-2021-30610 8.8 - High - September 03, 2021

Chromium: CVE-2021-30610 Use after free in Extensions API

Dangling pointer

Chromium: CVE-2021-30609 Use after free in Sign-In

CVE-2021-30609 8.8 - High - September 03, 2021

Chromium: CVE-2021-30609 Use after free in Sign-In

Dangling pointer

Chromium: CVE-2021-30608 Use after free in Web Share

CVE-2021-30608 8.8 - High - September 03, 2021

Chromium: CVE-2021-30608 Use after free in Web Share

Dangling pointer

Chromium: CVE-2021-30607 Use after free in Permissions

CVE-2021-30607 8.8 - High - September 03, 2021

Chromium: CVE-2021-30607 Use after free in Permissions

Dangling pointer

Chromium: CVE-2021-30606 Use after free in Blink

CVE-2021-30606 8.8 - High - September 03, 2021

Chromium: CVE-2021-30606 Use after free in Blink

Dangling pointer

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-36928 7.8 - High - August 26, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36931.

insecure temporary file

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-36931 7.8 - High - August 26, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36928.

Improper Privilege Management

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2021-36929 5.5 - Medium - August 26, 2021

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-33741 7.5 - High - June 08, 2021

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2021-24113 5.4 - Medium - February 25, 2021

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182

CVE-2021-21157 8.8 - High - February 22, 2021

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21131 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

insecure temporary file

Use after free in Media in Google Chrome prior to 88.0.4324.96

CVE-2021-21119 8.8 - High - February 09, 2021

Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in WebSQL in Google Chrome prior to 88.0.4324.96

CVE-2021-21120 8.8 - High - February 09, 2021

Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96

CVE-2021-21121 9.6 - Critical - February 09, 2021

Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Use after free in Blink in Google Chrome prior to 88.0.4324.96

CVE-2021-21122 8.8 - High - February 09, 2021

Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21123 6.5 - Medium - February 09, 2021

Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Improper Input Validation

Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96

CVE-2021-21124 9.6 - Critical - February 09, 2021

Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96

CVE-2021-21125 8.1 - High - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

insecure temporary file

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96

CVE-2021-21126 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.

authentification

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96

CVE-2021-21127 8.8 - High - February 09, 2021

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security policy via a crafted Chrome Extension.

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96

CVE-2021-21128 8.8 - High - February 09, 2021

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21129 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96

CVE-2021-21130 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96

CVE-2021-21132 9.6 - Critical - February 09, 2021

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

Clickjacking

Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96

CVE-2021-21133 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.

Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96

CVE-2021-21134 6.5 - Medium - February 09, 2021

Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.

Authentication Bypass by Spoofing

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96

CVE-2021-21135 6.5 - Medium - February 09, 2021

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96

CVE-2021-21136 6.5 - Medium - February 09, 2021

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96

CVE-2021-21137 6.5 - Medium - February 09, 2021

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

Information Disclosure

Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96

CVE-2021-21139 6.5 - Medium - February 09, 2021

Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Clickjacking

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96

CVE-2021-21118 8.8 - High - February 09, 2021

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Buffer Overflow