2024

2023

2022

2021

CVE-2021-21219 (v3: 5.5) 26 Apr 2021
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

2020

CVE-2020-6438 (v3: 4.3) 13 Apr 2020
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
CVE-2020-6400 (v3: 6.5) 11 Feb 2020
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6408 (v3: 5.5) 11 Feb 2020
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page.

2019

CVE-2019-13737 (v3: 6.5) 10 Dec 2019
Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2019-13744 (v3: 6.5) 10 Dec 2019
Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13745 (v3: 6.5) 10 Dec 2019
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13751 (v3: 6.5) 10 Dec 2019
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2019-5848 (v3: 6.5) 25 Nov 2019
Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2019-5880 (v3: 7.4) 25 Nov 2019
Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13666 (v3: 7.4) 25 Nov 2019
Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13684 (v3: 5.3) 25 Nov 2019
Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13705 (v3: 4.3) 25 Nov 2019
Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
CVE-2019-13707 (v3: 5.5) 25 Nov 2019
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.
CVE-2019-13711 (v3: 5.3) 25 Nov 2019
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13713 (v3: 6.5) 25 Nov 2019
Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-5818 (v3: 6.5) 27 Jun 2019
Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.
CVE-2019-5837 (v3: 6.5) 27 Jun 2019
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-5810 (v3: 6.5) 27 Jun 2019
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

2018

CVE-2018-20073 (v3: 5.5) 27 Jun 2019
Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.
CVE-2018-6132 (v3: 4.3) 27 Jun 2019
Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.
CVE-2018-6134 (v3: 6.5) 27 Jun 2019
Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page.
CVE-2018-6150 (v3: 6.5) 27 Jun 2019
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2018-6159 (v3: 6.5) 27 Jun 2019
Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2018-6168 (v3: 6.5) 27 Jun 2019
Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2018-6177 (v3: 4.3) 27 Jun 2019
Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2018-16078 (v3: 6.5) 9 Jan 2019
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2018-6093 (v3: 6.5) 9 Jan 2019
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2018-6109 (v3: 6.5) 9 Jan 2019
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.
CVE-2018-6117 (v3: 6.5) 9 Jan 2019
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2018-6137 (v3: 6.5) 9 Jan 2019
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2018-6164 (v3: 6.5) 9 Jan 2019
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2018-6179 (v3: 6.5) 9 Jan 2019
Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.
CVE-2018-17468 (v3: 6.5) 14 Nov 2018
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.
CVE-2018-6066 (v3: 6.5) 14 Nov 2018
Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2018-6075 (v3: 6.5) 14 Nov 2018
Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.
CVE-2018-6077 (v3: 6.5) 14 Nov 2018
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2018-6079 (v3: 6.5) 14 Nov 2018
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2018-6082 (v3: 4.7) 14 Nov 2018
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
CVE-2018-6035 (v3: 8.8) 25 Sep 2018
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
CVE-2018-6037 (v3: 6.5) 25 Sep 2018
Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.
CVE-2018-6045 (v3: 6.5) 25 Sep 2018
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
CVE-2018-6052 (v3: 4.3) 25 Sep 2018
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.
CVE-2018-6053 (v3: 3.3) 25 Sep 2018
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.
CVE-2018-10229 (v3: 4.8) 4 May 2018
A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.
CVE-2018-10178 (v3: 5.3) 17 Apr 2018
The FromDocToPDF extension before 13.611.13.2303 for Chrome allows remote attackers to discover visited web sites via vectors involving a mostVisitedSites command.

2017

CVE-2017-5011 (v3: 6.5) 17 Feb 2017
Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.
CVE-2017-5017 (v3: 4.3) 17 Feb 2017
Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page.

2016

CVE-2016-5201 (v3: 6.5) 19 Jan 2017
A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page.
CVE-2016-5212 (v3: 6.5) 19 Jan 2017
Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page.
CVE-2016-5220 (v3: 6.5) 19 Jan 2017
PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file.
CVE-2016-5172 (v3: 6.5) 25 Sep 2016
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
CVE-2016-5166 (v3: 3.1) 11 Sep 2016
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.
CVE-2016-5134 (v3: 8.8) 23 Jul 2016
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.
CVE-2016-5137 (v3: 4.3) 23 Jul 2016
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.
CVE-2016-1677 (v3: 6.5) 6 Jun 2016
uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."
CVE-2016-1651 (v3: 8.1) 18 Apr 2016
fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document.
CVE-2016-2845 (v3: 5.3) 6 Mar 2016
The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp.
CVE-2016-1637 (v3: 6.5) 6 Mar 2016
The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site.
CVE-2016-1614 (v3: 4.3) 25 Jan 2016
The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
CVE-2016-1617 (v3: 4.3) 25 Jan 2016
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.

2015

CVE-2015-6759 (v2: 5) 15 Oct 2015
The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL.
CVE-2015-1247 (v2: 5) 19 Apr 2015
The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site.