VYPR

rpm package

opensuse/chromium&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed

Vulnerabilities (4,053)

  • CVE-2018-18343HigDec 11, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18342HigDec 11, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-18341HigDec 11, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18340HigDec 11, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18339HigDec 11, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18338HigDec 11, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18337HigDec 11, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18336HigDec 11, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2018-18335HigDec 11, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-17481HigDec 11, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2018-17480HigKEVDec 11, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-6116MedDec 4, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2018-6115MedDec 4, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.

  • CVE-2018-6108MedDec 4, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.

  • CVE-2018-6107MedDec 4, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2018-6105MedDec 4, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2018-6104MedDec 4, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2018-6103MedDec 4, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.

  • CVE-2018-6102MedDec 4, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

  • CVE-2018-6101HigDec 4, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.

Page 156 of 203