VYPR

rpm package

opensuse/chromium&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed

Vulnerabilities (4,053)

  • CVE-2018-6129MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2018-6128MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2018-6121HigJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page.

  • CVE-2018-6118HigJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

  • CVE-2018-20073MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.

  • CVE-2018-17479HigJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-17478HigJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

  • CVE-2018-16086MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

  • CVE-2018-16077MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2018-16075MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page.

  • CVE-2018-16074MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.

  • CVE-2018-16073MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.

  • CVE-2018-16070HigJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-16069MedJun 27, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2019-5804MedMay 23, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.

  • CVE-2019-5803MedMay 23, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2019-5802MedMay 23, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2019-5801MedMay 23, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

  • CVE-2019-5800MedMay 23, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2019-5799MedMay 23, 2019
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Page 149 of 203