Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 1.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. Insufficient data validation in Extensions in Google Chrome prior to 1.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. Type confusion in V8 in Google Chrome prior to 1.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Use after free in V8 in Google Chrome prior to 1.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in Speech Recognition in Google Chrome prior to 1.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Use after free in Web Workers in Google Chrome prior to 1.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Use after free in WebCodecs in Google Chrome prior to 1.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Type confusion in V8 in Google Chrome prior to 1.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 1.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain cleartext cached credentials. The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password.
0 kommentar(er)
