Some of the security vulnerabilities reported by Rob Wu:
CVE-2014-3170
Google Chrome: Permission dialog spoof
Chromium bug 424961
Google Chrome: Local file access via protocol handler
CVE-2015-1226
Google Chrome: Bypass access checks in debugger
CVE-2015-1298
Google Chrome: Insufficient validation in navigation
Chromium bug 518749
Google Chrome: Use-after-free in USB API
CVE-2015-1302
Google Chrome: Bypass of Same-Origin Policy of PDF files
Freedesktop bug 94292
Xorg: Stack buffer overflow in XSecurityGenerateAuthorization
CVE-2016-1635
Google Chrome: Use-after-free in app.window API
CVE-2016-1638
Google Chrome: Bypass of app API restrictions
CVE-2016-1655
Google Chrome: Use-after-free via content scripts
CVE-2016-1662
Google Chrome: Use-after-free via GCCallback
CVE-2016-1676
Google Chrome: UXSS via SchemaRegistry
CVE-2016-1679
Google Chrome: Insecure value conversion and use-after-free
CVE-2016-1687
Google Chrome: Leak of extension privates
CVE-2016-1690
Google Chrome: Use-after-free in autofill agent
CVE-2016-1698
Google Chrome: Web pages can load arbitrary extension modules
CVE-2016-1700
Google Chrome: Use-after-free in extension views
CVE-2016-1701
Google Chrome: Use-after-free in autofill components
CVE-2016-5136
Google Chrome: Use-after-free in script deletion
CVE-2016-5206
Google Chrome: Same-origin bypass in PDFium
CVE-2016-5217
Google Chrome: Use of unvalidated data in PDFium
CVE-2016-5219
Google Chrome: Use after free in V8
CVE-2016-5220
Google Chrome: Local file access in PDFium
CVE-2017-5018
Google Chrome: XSS in app launcher
CVE-2017-5020
Google Chrome: Arbitrary code execution
CVE-2017-5021
Google Chrome: Use-after-free in incognito icons
CVE-2018-5105
Firefox: bypass prompts for program execution in extensions
Firefox bug 1426363
Firefox: extension permission hiding (beta)
CVE-2018-6035
Google Chrome: Insufficient isolation of DevTools from extensions
CVE-2018-6045
Google Chrome: Insufficient isolation of DevTools from extensions
CVE-2018-6046
Google Chrome: Insufficient validation of DevTools URLs
CVE-2018-6054
Google Chrome: Use-after-free in WebUI
CVE-2018-6070
Google Chrome: CSP bypass via extensions
CVE-2018-6081
Google Chrome: XSS in interstitials
CVE-2018-6089
Google Chrome: Same-origin bypass in Service Workers
CVE-2018-6101
Google Chrome: Insufficient protection of remote debugging protocol
CVE-2018-6112
Google Chrome: Incorrect URL handling in DevTools
CVE-2018-6139
Google Chrome: Extension debugger restriction bypass
CVE-2018-6140
Google Chrome: Debugger restriction bypass
CVE-2018-6150
Google Chrome: Cross-origin information disclosure via SRI in Service Workers
CVE-2018-6151
Google Chrome: Bad cast in DevTools
CVE-2018-6152
Google Chrome: Local file write and dangerous check bypass in DevTools
CVE-2018-16064
Google Chrome: Request privilege escalation in Extensions
CVE-2018-12395
Firefox: Bypass extension permissions via domain fronting
CVE-2018-12396
Firefox: Script execution in disallowed contexts
CVE-2018-12397
Firefox: Missing warning for local file access
CVE-2018-18497
Firefox: Bypass validation to load arbitrary URLs
CVE-2019-5768
Google Chrome: Local file access via DevTools
CVE-2020-15655
Firefox: Same-origin bypass via extension redirects
CVE-2020-6561
Google Chrome: Cross-origin information disclosure via CSP
CVE-2021-23953
Firefox: Cross-origin information leakage via redirected PDF requests
CVE-2021-23984
Firefox: Popup title spoofing by extensions
CVE-2021-21228
Google Chrome: Enterprise policy bypass by extensions
CVE-2022-22754
Firefox: Extension permission confirmation bypass
CVE-2022-34471
Firefox: Missing version verification in add-on update process
CVE-2023-28160
Firefox: Local path disclosure through a redirect
Chromium bug 1042963
Google Chrome: Extension CSP validator bypass
CVE-2023-2314
Google Chrome: CSRF in DevTools server
CVE-2024-0751
Firefox: Privilege escalation through devtools extension
CVE-2024-7525
Firefox: Missing permission check when creating a StreamFilter