CVE-2025-3071

MEDIUM Year: 2025
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-346
View all →

Vulnerability Description

Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Related Vulnerabilities

CVE-2017-8530

MEDIUM
CVSS:5.4(Medium)

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not pr...

CWE-3462017

CVE-2017-8650

MEDIUM
CVSS:5.4(Medium)

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feat...

CWE-3462017

CVE-2019-1445

MEDIUM
CVSS:5.4(Medium)

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is uniq...

CWE-3462019

CVE-2019-1447

MEDIUM
CVSS:5.4(Medium)

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is uniq...

CWE-3462019

CVE-2020-0647

MEDIUM
CVSS:5.4(Medium)

A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'.

CWE-3462020

CVE-2020-0695

MEDIUM
CVSS:5.4(Medium)

A spoofing vulnerability exists when Office Online Server does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Server Spoofing Vulnerability'.

CWE-3462020