Search for packages
| purl | pkg:deb/debian/chromium-browser@70.0.3538.110-1~deb9u1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-161k-5kba-aaas
Aliases: CVE-2018-20070 |
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | There are no reported fixed by versions. |
|
VCID-1851-vtm3-aaam
Aliases: CVE-2018-18336 |
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | There are no reported fixed by versions. |
|
VCID-3qq5-z8gm-aaaa
Aliases: CVE-2018-18352 |
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-3qqf-1hsw-aaam
Aliases: CVE-2018-18359 |
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-6ku3-h3tv-aaab
Aliases: CVE-2018-18342 |
Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-7a1n-1wkx-aaad
Aliases: CVE-2018-18354 |
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-7pzb-nzrc-aaag
Aliases: CVE-2018-18350 |
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-8me4-m526-aaar
Aliases: CVE-2018-18355 |
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | There are no reported fixed by versions. |
|
VCID-a527-7rty-aaar
Aliases: CVE-2018-18349 |
Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. | There are no reported fixed by versions. |
|
VCID-aj8g-rahf-aaak
Aliases: CVE-2018-18346 |
Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-bafk-vevf-aaac
Aliases: CVE-2018-17480 |
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-c23z-eghb-aaar
Aliases: CVE-2018-18356 |
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-cskw-7ny6-aaab
Aliases: CVE-2018-18357 |
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | There are no reported fixed by versions. |
|
VCID-eq46-ag1q-aaam
Aliases: CVE-2018-18343 |
Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-f74w-3hyd-aaab
Aliases: CVE-2018-18353 |
Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-jgrf-erk1-aaap
Aliases: CVE-2018-20065 |
Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file. | There are no reported fixed by versions. |
|
VCID-jrda-7jjd-aaae
Aliases: CVE-2018-18347 |
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-js4t-nb9d-aaae
Aliases: CVE-2018-18338 |
Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-jvw6-br17-aaam
Aliases: CVE-2018-20068 |
Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-k94k-yu1m-aaae
Aliases: CVE-2018-17481 |
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | There are no reported fixed by versions. |
|
VCID-m44w-5tpn-aaad
Aliases: CVE-2018-18339 |
Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-mz2g-qdkv-aaaa
Aliases: CVE-2018-18337 |
Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-n45j-4b3w-aaae
Aliases: CVE-2018-20346 |
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. | There are no reported fixed by versions. |
|
VCID-p8bg-dkkm-aaak
Aliases: CVE-2018-20066 |
Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-pm42-9d1y-aaah
Aliases: CVE-2018-18340 |
Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-q6rc-3jq8-aaaa
Aliases: CVE-2018-18348 |
Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | There are no reported fixed by versions. |
|
VCID-tf2p-cqhu-aaaa
Aliases: CVE-2018-18344 |
Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension. | There are no reported fixed by versions. |
|
VCID-u1gb-e9xe-aaam
Aliases: CVE-2018-20067 |
A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-u9zd-x588-aaan
Aliases: CVE-2018-18335 |
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-vd4q-dkkd-aaam
Aliases: CVE-2018-18351 |
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-vqc6-7579-aaan
Aliases: CVE-2018-18341 |
An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | There are no reported fixed by versions. |
|
VCID-y3a4-pugh-aaam
Aliases: CVE-2018-18358 |
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file. | There are no reported fixed by versions. |
|
VCID-zakr-qbzp-aaap
Aliases: CVE-2018-18345 |
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-15s1-r6wb-aaag | Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page. |
CVE-2018-6036
|
| VCID-17ty-23n8-aaad | An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2018-6090
|
| VCID-17vb-9zhe-aaah | Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2018-6079
|
| VCID-1873-6hyq-aaaf | CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2018-6137
|
| VCID-18jy-r3g2-aaap | Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL. |
CVE-2017-5128
|
| VCID-1bu8-andn-aaag | A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. |
CVE-2018-6096
|
| VCID-1d2w-dntg-aaag | Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. |
CVE-2017-5124
|
| VCID-1hjf-rmgw-aaaf | Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. |
CVE-2018-6047
|
| VCID-1jra-ark2-aaab | Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. |
CVE-2018-16064
|
| VCID-1s2w-2qg5-aaaf | Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-17479
|
| VCID-1sm8-wdrf-aaaj | Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
CVE-2018-16068
|
| VCID-26hb-2qfc-aaaa | Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2017-15409
|
| VCID-286h-yztb-aaaq | Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page. |
CVE-2018-6053
|
| VCID-2axg-unj8-aaae | Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. |
CVE-2017-15415
|
| VCID-2bzh-jeun-aaaa | A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server. |
CVE-2017-15398
|
| VCID-2dr6-y2jk-aaaf | Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
CVE-2018-6113
|
| VCID-2phg-hy5w-aaar | Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension. |
CVE-2017-15394
|
| VCID-2urp-n1a9-aaan | Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. |
CVE-2017-5110
|
| VCID-34nj-wdqb-aaar | Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. |
CVE-2017-5093
|
| VCID-34vg-cdp2-aaap | Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. |
CVE-2018-6070
|
| VCID-3bbf-r2mw-aaan | A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-16085
|
| VCID-3bwy-g1t8-aaar | A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page. |
CVE-2018-6103
|
| VCID-3drr-7qmw-aaak | Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. |
CVE-2018-6142
|
| VCID-3h5n-9w7y-aaan | Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page. |
CVE-2018-17477
|
| VCID-3yqe-f84m-aaam | An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
CVE-2018-16082
|
| VCID-3ztw-e1kp-aaaq | Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2018-17466
|
| VCID-4842-hurr-aaar | Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension. |
CVE-2018-6178
|
| VCID-4c8j-2vh4-aaaa | security update |
DSA-4297-1 chromium-browser
|
| VCID-4fd2-sphg-aaae | Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2017-5113
|
| VCID-4p58-1z9g-aaad | Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2017-15420
|
| VCID-4r4c-ra6e-aaak | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page. |
CVE-2018-6108
|
| VCID-4wej-7gs4-aaas | Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. |
CVE-2018-6049
|
| VCID-4xwn-6bvs-aaaj | A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2017-5098
|
| VCID-4z14-8kd3-aaab | Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
CVE-2018-6130
|
| VCID-52kz-kw8e-aaah | Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic. |
CVE-2017-15423
|
| VCID-53gr-hhmw-aaaf | Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation. |
CVE-2017-5132
|
| VCID-56r4-2bp7-aaap | Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2018-6034
|
| VCID-57rx-avq2-aaad | An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. |
CVE-2018-6088
|
| VCID-5evs-dcq3-aaah | Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. |
CVE-2018-6179
|
| VCID-5hv1-cx23-aaah | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
CVE-2018-6175
|
| VCID-5trd-34cn-aaaj | Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. |
CVE-2017-15416
|
| VCID-5vcf-apn2-aaad | A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. |
CVE-2017-5111
|
| VCID-5ve1-ymdg-aaah | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. |
CVE-2017-15425
|
| VCID-61ur-6s3b-aaad | Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process. |
CVE-2018-6147
|
| VCID-625u-4pp9-aaas | Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2018-6038
|
| VCID-66r8-bxgs-aaaf | A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. |
CVE-2018-6099
|
| VCID-66tk-jqg8-aaag | A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape. |
CVE-2017-5087
|
| VCID-6ckg-pb17-aaab | Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
CVE-2018-6161
|
| VCID-6gbk-kpx5-aaaj | Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
CVE-2017-5127
|
| VCID-6gmm-mnkw-aaah | Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. |
CVE-2018-16074
|
| VCID-6gqa-djpu-aaak | Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
CVE-2018-16087
|
| VCID-6mvw-6hwb-aaak | Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-17474
|
| VCID-6pmt-bhk9-aaan | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. |
CVE-2017-15427
|
| VCID-6sa5-gp57-aaaf | Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. |
CVE-2017-15390
|
| VCID-6vr8-nkje-aaaq | Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
CVE-2018-6174
|
| VCID-6zs1-nt5e-aaac | Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak. |
CVE-2017-15393
|
| VCID-71xe-fbde-aaaq | An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
CVE-2018-6072
|
| VCID-726n-2skk-aaah | Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
CVE-2018-6157
|
| VCID-76qy-6prp-aaag | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
CVE-2018-6173
|
| VCID-77wh-ybvg-aaaq | Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page. |
CVE-2018-6095
|
| VCID-8388-1mjy-aaap | Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. |
CVE-2018-6141
|
| VCID-83y7-egc5-aaaf | Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
CVE-2018-6127
|
| VCID-885u-bkfu-aaaq | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
CVE-2018-6172
|
| VCID-8b3d-nqhc-aaaf | Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. |
CVE-2018-6132
|
| VCID-8ese-u8br-aaae | Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
CVE-2018-6085
|
| VCID-8gts-jdyk-aaan | Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2018-6136
|
| VCID-8kth-z4cx-aaaq | Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2018-17475
|
| VCID-8meb-3815-aaab | Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-16070
|
| VCID-8xgx-k9es-aaam | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
CVE-2018-6163
|
| VCID-8y64-ayg1-aaad | Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
CVE-2018-6062
|
| VCID-98jq-nubn-aaak | Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page. |
CVE-2018-6057
|
| VCID-9dhc-wwbw-aaak | Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server. |
CVE-2017-15407
|
| VCID-9dwb-tcz6-aaas | Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. |
CVE-2018-16073
|
| VCID-9dxj-nske-aaas | Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. |
CVE-2018-17468
|
| VCID-9pej-aq1g-aaan | A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
CVE-2018-6116
|
| VCID-9y6t-uz46-aaad | The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
CVE-2017-5029
GHSA-pf6m-fxpq-fg8v |
| VCID-a441-xmcj-aaap | Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
CVE-2018-6149
|
| VCID-a719-46d7-aaae | A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2017-15396
|
| VCID-aahe-hrab-aaah | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
CVE-2018-6107
|
| VCID-apjk-nhyx-aaaj | Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring). |
CVE-2017-5120
|
| VCID-apmj-cnn8-aaaa | Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-6162
|
| VCID-ay2g-rqdz-aaan | Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. |
CVE-2018-6134
|
| VCID-az7a-eqn4-aaaa | Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page. |
CVE-2018-6043
|
| VCID-b7ju-2nyh-aaak | Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
CVE-2017-15410
|
| VCID-b7za-ju6t-aaah | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2018-6119
|
| VCID-bezy-m7d9-aaag | Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
CVE-2017-5117
|
| VCID-bgq8-f68q-aaak | Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page. |
CVE-2018-6121
|
| VCID-bmcz-pz2a-aaaq | A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
CVE-2018-6086
|
| VCID-bmnk-pf6y-aaaa | Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. |
CVE-2018-6033
|
| VCID-bsaa-chea-aaan | A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2017-15399
|
| VCID-bxge-mua5-aaam | Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page. |
CVE-2018-6169
|
| VCID-c257-ea6w-aaar | Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2018-6066
|
| VCID-c2sr-2ssj-aaam | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page. |
CVE-2018-6040
|
| VCID-c3au-uty7-aaah | Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. |
CVE-2018-6140
|
| VCID-cbba-ryna-aaak | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2018-6050
|
| VCID-cbh9-h7nb-aaas | Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-6067
|
| VCID-cgrj-g8ep-aaan | Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2018-6150
|
| VCID-cgvp-xzk5-aaaf | Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. |
CVE-2018-6083
|
| VCID-ch4j-8p4j-aaan | The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction. |
CVE-2018-6152
|
| VCID-cnjt-dh71-aaae | Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
CVE-2018-16077
|
| VCID-cqdm-x1qg-aaan | Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
CVE-2017-15418
|
| VCID-czkj-c6vt-aaam | Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration. |
CVE-2017-15392
|
| VCID-czvt-9cp9-aaaa | Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2018-6091
|
| VCID-d7jm-pmk3-aaac | Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. |
CVE-2018-6039
|
| VCID-d9mf-x1r8-aaae | Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. |
CVE-2018-6124
|
| VCID-dan1-2zy7-aaae | Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. |
CVE-2018-17478
|
| VCID-de62-xtrj-aaab | Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
CVE-2017-5103
|
| VCID-djbn-sd5t-aaac | Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2017-15428
|
| VCID-dwxg-up7v-aaak | Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension. |
CVE-2018-6176
|
| VCID-dxmx-42u1-aaae | Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file. |
CVE-2017-5133
|
| VCID-e49u-e92f-aaam | Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. |
CVE-2017-5114
|
| VCID-efd7-h1j4-aaag | Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction. |
CVE-2018-6075
|
| VCID-ehb8-j9yr-aaaf | Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
CVE-2018-6102
|
| VCID-es42-dtph-aaaq | Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2018-6068
|
| VCID-et4d-7gsf-aaaf | Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page. |
CVE-2017-5094
|
| VCID-ewq5-taaa-aaaa | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
CVE-2018-6104
|
| VCID-f2bv-e72c-aaaq | A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2018-16079
|
| VCID-f2nj-jmzf-aaae | Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2018-6077
|
| VCID-f5wp-616u-aaac | A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2017-5100
|
| VCID-f8vf-epre-aaaj | Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2017-15388
|
| VCID-f9cx-7cvv-aaab | Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. |
CVE-2017-5106
|
| VCID-fax4-wh7y-aaaf | Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
CVE-2018-16078
|
| VCID-fbck-me43-aaad | An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2018-17458
|
| VCID-ff13-5bze-aaac | A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
CVE-2018-16071
|
| VCID-fnyx-dbuf-aaaq | Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page. |
CVE-2018-6037
|
| VCID-fp16-4yjf-aaaa | Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. |
CVE-2017-5121
|
| VCID-fxzq-wxht-aaac | Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-6131
|
| VCID-ga3f-4yt2-aaaj | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2018-6042
|
| VCID-gc8w-upp6-aaaf | Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
CVE-2018-17460
|
| VCID-gez7-ru4y-aaac | A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server. |
CVE-2018-6101
|
| VCID-gg6b-gvnt-aaaq | Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
CVE-2018-6112
|
| VCID-ggqk-f7zk-aaam | Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. |
CVE-2017-15419
|
| VCID-ghs1-g8vv-aaag | Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. |
CVE-2018-6052
|
| VCID-gk1q-15t1-aaaf | Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file. |
CVE-2017-5095
|
| VCID-gm6v-frta-aaaf | A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. |
CVE-2018-6118
|
| VCID-gw65-1ar8-aaag | Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. |
CVE-2018-6074
|
| VCID-gwrx-vbxj-aaaj | Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2018-6069
|
| VCID-gy6j-uvbq-aaad | A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2018-16080
|
| VCID-gyss-rvub-aaaa | Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. |
CVE-2018-6125
|
| VCID-hbw6-a9p5-aaac | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
CVE-2018-6098
|
| VCID-hec8-hjz9-aaan | Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. |
CVE-2018-6097
|
| VCID-hge1-jbcg-aaak | Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. |
CVE-2017-5118
|
| VCID-hmnk-nc2q-aaaf | Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. |
CVE-2018-6063
|
| VCID-hrju-x1dn-aaaj | Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2017-15417
|
| VCID-hv5r-a2ws-aaaq | Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page. |
CVE-2018-20071
|
| VCID-hzpr-7c33-aaae | Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
CVE-2018-6129
|
| VCID-j33x-2d2k-aaas | readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page. |
CVE-2018-6109
|
| VCID-j35p-gzt9-aaae | Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. |
CVE-2017-5122
|
| VCID-jkyn-rgp4-aaan | A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-6123
|
| VCID-jp48-wsn5-aaad | An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. |
CVE-2018-6120
|
| VCID-jq4m-fp9h-aaab | XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page. |
CVE-2018-6081
|
| VCID-k22g-vrd8-aaam | A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2017-5129
|
| VCID-k2rx-w872-aaag | Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. |
CVE-2018-17471
|
| VCID-k3g2-xrch-aaad | Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2018-17467
|
| VCID-k54b-16ug-aaam | A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60. |
CVE-2018-5179
|
| VCID-kemd-e5q7-aaag | A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page. |
CVE-2017-5107
|
| VCID-kmen-gumz-aaac | Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page. |
CVE-2017-15387
|
| VCID-knmb-q6cb-aaak | The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page. |
CVE-2018-16084
|
| VCID-kp5b-y6s7-aaaj | An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write. |
CVE-2017-5131
|
| VCID-kqeu-n6qb-aaab | Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2018-17464
|
| VCID-kxs5-xx49-aaaq | Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-6060
|
| VCID-kzjs-e3zu-aaam | Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page. |
CVE-2017-5099
|
| VCID-m2nq-xbwe-aaap | Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. |
CVE-2018-6151
|
| VCID-mfsg-tb2u-aaap | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
CVE-2018-6166
|
| VCID-mj4k-qgxv-aaab | Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. |
CVE-2018-6054
|
| VCID-mkpy-8yhz-aaaf | A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-6158
|
| VCID-mnxa-vm7f-aaaa | Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-6065
|
| VCID-mybm-z51s-aaas | Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
CVE-2018-6135
|
| VCID-nayx-9nms-aaap | Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
CVE-2018-6168
|
| VCID-nep2-x1vy-aaae | Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page. |
CVE-2018-16075
|
| VCID-nnxs-5wy1-aaab | An object lifecycle issue in Blink could lead to a use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2018-17457
|
| VCID-nsyz-k7yc-aaad | Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
CVE-2018-6114
|
| VCID-p11d-z8u7-aaad | Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. |
CVE-2018-17465
|
| VCID-p8y8-3fh8-aaag | Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. |
CVE-2017-15429
|
| VCID-pga1-77vr-aaas | Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. |
CVE-2017-5109
|
| VCID-ph31-qyqc-aaaa | Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-6122
|
| VCID-pncu-csqz-aaas | An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. |
CVE-2018-17461
|
| VCID-pwxe-wm9c-aaan | An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page. |
CVE-2018-6106
|
| VCID-pz43-mrw9-aaan | Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
CVE-2017-5092
|
| VCID-q2f6-bw3x-aaaa | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. |
CVE-2017-15426
|
| VCID-q3n2-rzwt-aaap | Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2018-6164
|
| VCID-q7r3-syhx-aaas | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
CVE-2018-6078
|
| VCID-qa74-2yev-aaaj | Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
CVE-2018-6145
|
| VCID-qewu-hksm-aaag | Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page. |
CVE-2017-15391
|
| VCID-qnp1-9fbz-aaaq | Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2017-5116
|
| VCID-qv8b-2rwm-aaaj | An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2018-6092
|
| VCID-qy3z-2e59-aaap | Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page. |
CVE-2017-5104
|
| VCID-r1rv-w4e6-aaar | Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
CVE-2017-5102
|
| VCID-rgjb-2ken-aaap | A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
CVE-2018-6073
|
| VCID-rjd5-euug-aaaj | Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
CVE-2018-6100
|
| VCID-rsnh-2pbb-aaam | An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2018-6071
|
| VCID-rue5-mk2v-aaaq | Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2018-6041
|
| VCID-rx76-gyuk-aaar | A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. |
CVE-2017-15395
|
| VCID-ryqd-vk9y-aaaj | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
CVE-2018-6167
|
| VCID-rzag-1zph-aaaq | Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. |
CVE-2017-5105
|
| VCID-s5v3-7jd5-aaaa | Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2017-5112
|
| VCID-s5zt-yg2j-aaaj | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
CVE-2018-6133
|
| VCID-s8u3-hqta-aaab | An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2018-16083
|
| VCID-sbnn-r9xx-aaas | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. |
CVE-2018-6048
|
| VCID-sk7t-rjkc-aaak | A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. |
CVE-2018-6153
|
| VCID-sm3w-5w21-aaag | A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-16066
|
| VCID-sr7n-assg-aaap | Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2018-6177
|
| VCID-src2-kgn6-aaae | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
CVE-2018-6105
|
| VCID-srxy-gz8s-aaaf | Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. |
CVE-2018-16086
|
| VCID-stvy-u3mk-aaac | Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2018-6143
|
| VCID-t6wx-skyh-aaan | Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. |
CVE-2018-6138
|
| VCID-t8c1-qa8p-aaas | Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
CVE-2018-6156
|
| VCID-tb27-cts4-aaaq | Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2018-16069
|
| VCID-tbn7-fqzw-aaak | An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page. |
CVE-2018-6111
|
| VCID-tca9-fkw5-aaan | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |
CVE-2017-7000
|
| VCID-td29-ry48-aaam | Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. |
CVE-2018-17469
|
| VCID-tm5s-pqzk-aaas | XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page. |
CVE-2018-6051
|
| VCID-tm6m-wka1-aaam | Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
CVE-2018-6117
|
| VCID-tq9b-2q4p-aaam | A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-16067
|
| VCID-ts6n-4tqz-aaab | Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. |
CVE-2017-5115
|
| VCID-tst4-dhas-aaap | Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. |
CVE-2018-16435
|
| VCID-tzpa-42fr-aaas | Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
CVE-2017-5119
|
| VCID-ubrz-2xpb-aaap | Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. |
CVE-2018-16076
|
| VCID-ugmr-am3n-aaab | Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension. |
CVE-2018-16081
|
| VCID-ujwh-4xhf-aaaj | Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
CVE-2018-6148
|
| VCID-uk17-scdd-aaaj | A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2017-5091
|
| VCID-um94-qumk-aaaj | Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2018-17459
|
| VCID-utyu-bsr3-aaam | Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-6154
|
| VCID-uufu-91dn-aaac | A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. |
CVE-2018-6089
|
| VCID-uvgd-km1d-aaak | Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. |
CVE-2018-17476
|
| VCID-v1fy-ygqg-aaaf | Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-6094
|
| VCID-v1qs-3cf1-aaak | Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. |
CVE-2018-6045
|
| VCID-v2ty-6gf9-aaam | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. |
CVE-2018-4117
|
| VCID-v5ph-51p7-aaar | A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2017-15406
|
| VCID-v65j-nvaq-aaaj | Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. |
CVE-2018-6046
|
| VCID-vavx-dzbx-aaac | A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
CVE-2017-5126
|
| VCID-vbw4-r6xm-aaam | Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2018-6093
|
| VCID-ve4z-6uyz-aaak | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
CVE-2018-17473
|
| VCID-veh1-uek2-aaac | Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. |
CVE-2018-6082
|
| VCID-vmyh-r6j3-aaan | A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-6061
|
| VCID-vrbm-m49x-aaan | Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes . |
CVE-2018-6080
|
| VCID-w58v-pq59-aaar | Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
CVE-2017-5097
|
| VCID-w6se-w2wm-aaam | Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page. |
CVE-2018-6110
|
| VCID-w96a-c3pk-aaag | Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. |
CVE-2017-5088
|
| VCID-wk5c-nnbd-aaas | Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
CVE-2018-6159
|
| VCID-wmh4-2nd7-aaaf | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. |
CVE-2017-15424
|
| VCID-wqun-djmu-aaaj | Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file. |
CVE-2017-5108
|
| VCID-wt6f-zysg-aaag | A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
CVE-2018-17470
|
| VCID-x28y-hw51-aaak | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. |
CVE-2018-6032
|
| VCID-x57q-98na-aaad | A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page. |
CVE-2018-16088
|
| VCID-x9un-gj9h-aaap | Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2017-15386
|
| VCID-xar3-nmuq-aaaf | Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
CVE-2017-15411
|
| VCID-xgun-sezg-aaag | Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. |
CVE-2018-6171
|
| VCID-xwx3-7gwv-aaah | Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. |
CVE-2018-6139
|
| VCID-xxsk-9h5m-aaab | Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page. |
CVE-2018-17472
|
| VCID-xy39-jjgp-aaaq | Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. |
CVE-2018-6035
|
| VCID-y38z-d5du-aaah | Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2018-17463
|
| VCID-y4a2-aedz-aaae | Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2017-15413
|
| VCID-y83a-fcsr-aaap | A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
CVE-2018-6126
|
| VCID-y8rs-u8kg-aaaj | Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. |
CVE-2017-15408
|
| VCID-yauc-ggez-aaab | Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2018-6064
|
| VCID-ygkz-tpwn-aaab | Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
CVE-2018-6155
|
| VCID-yn3k-47y6-aaab | An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2017-15389
|
| VCID-ypbg-yfnr-aaaq | Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. |
CVE-2018-17462
|
| VCID-yr3z-s7ts-aaaa | Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. |
CVE-2018-6144
|
| VCID-yt75-99ku-aaas | Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page. |
CVE-2018-6076
|
| VCID-ywwc-g9wd-aaan | Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2018-6056
|
| VCID-ywyt-3qks-aaaj | Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name. |
CVE-2017-5089
|
| VCID-yxb1-6r8k-aaae | Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2017-5125
|
| VCID-z6tn-929n-aaaa | Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. |
CVE-2017-5101
|
| VCID-z85u-h9yq-aaah | Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page. |
CVE-2018-6055
|
| VCID-zarz-b9xs-aaaq | A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2018-16065
|
| VCID-zdga-rdpu-aaah | Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
CVE-2018-6165
|
| VCID-zdqg-29nu-aaah | Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
CVE-2018-6031
|
| VCID-zu9r-2xj5-aaab | A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
CVE-2018-6170
|
| VCID-zxn6-4jya-aaae | A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2018-6087
|