VYPR

rpm package

opensuse/chromium&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed

Vulnerabilities (4,053)

  • CVE-2016-9652CriNov 20, 2019
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.

  • CVE-2016-5202CriOct 25, 2019
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase opera

  • CVE-2019-18197HigOct 18, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized

  • CVE-2019-8075HigSep 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

  • CVE-2019-15903HigSep 4, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

  • CVE-2019-5840MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

  • CVE-2019-5839MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.

  • CVE-2019-5838MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.

  • CVE-2019-5837MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-5836HigJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5835MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2019-5834MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2019-5833MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.

  • CVE-2019-5832MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-5831HigJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5830MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-5829HigJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2019-5828HigJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2019-5827HigJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2019-5824HigJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Page 146 of 203