rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-18343 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 11, 2018 | Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2018-18342 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 11, 2018 | Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |
| CVE-2018-18341 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 11, 2018 | An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2018-18340 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 11, 2018 | Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2018-18339 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 11, 2018 | Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2018-18338 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 11, 2018 | Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2018-18337 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 11, 2018 | Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2018-18336 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 11, 2018 | Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2018-18335 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 11, 2018 | Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2018-17481 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 11, 2018 | Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2018-17480 | Hig | 8.8 | KEV | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 11, 2018 | Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
| CVE-2018-6116 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 4, 2018 | A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |
| CVE-2018-6115 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 4, 2018 | Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page. | |
| CVE-2018-6108 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 4, 2018 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page. | |
| CVE-2018-6107 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 4, 2018 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |
| CVE-2018-6105 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 4, 2018 | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |
| CVE-2018-6104 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 4, 2018 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |
| CVE-2018-6103 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 4, 2018 | A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page. | |
| CVE-2018-6102 | Med | 4.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 4, 2018 | Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |
| CVE-2018-6101 | Hig | 7.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Dec 4, 2018 | A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server. |
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.
Page 156 of 203