rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-17473 | Med | 4.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 14, 2018 | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |
| CVE-2018-17472 | Cri | 9.6 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 14, 2018 | Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page. | |
| CVE-2018-17471 | Med | 4.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 14, 2018 | Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. | |
| CVE-2018-17469 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 14, 2018 | Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | |
| CVE-2018-17468 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 14, 2018 | Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. | |
| CVE-2018-17467 | Med | 4.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 14, 2018 | Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2018-17466 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 14, 2018 | Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2018-17465 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 14, 2018 | Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | |
| CVE-2018-17464 | Med | 4.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 14, 2018 | Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2018-17463 | Hig | 8.8 | KEV | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 14, 2018 | Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
| CVE-2018-17462 | Cri | 9.6 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Nov 14, 2018 | Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. | |
| CVE-2018-6054 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Sep 25, 2018 | Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. | |
| CVE-2018-6053 | Low | 3.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Sep 25, 2018 | Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page. | |
| CVE-2018-6052 | Med | 4.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Sep 25, 2018 | Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. | |
| CVE-2018-6051 | Med | 4.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Sep 25, 2018 | XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page. | |
| CVE-2018-6050 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Sep 25, 2018 | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2018-6049 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Sep 25, 2018 | Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. | |
| CVE-2018-6048 | Med | 4.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Sep 25, 2018 | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. | |
| CVE-2018-6047 | Med | 4.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Sep 25, 2018 | Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. | |
| CVE-2018-6046 | Med | 6.1 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Sep 25, 2018 | Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. |
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
Page 159 of 203