VYPR

rpm package

opensuse/chromium&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed

Vulnerabilities (4,053)

  • CVE-2017-15426MedAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-15425MedAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-15424MedAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-15423MedAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.

  • CVE-2017-15422MedAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-15420MedAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2017-15419MedAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.

  • CVE-2017-15418MedAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2017-15417MedAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2017-15416MedAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.

  • CVE-2017-15415MedAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.

  • CVE-2017-15413HigAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15412HigAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15411HigAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-15410HigAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-15409HigAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15408HigAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.

  • CVE-2017-15407HigAug 28, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.

  • CVE-2018-4117MedApr 3, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit"

  • CVE-2017-7000HigApr 3, 2018
    affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cras

Page 161 of 203