rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15426 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |
| CVE-2017-15425 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |
| CVE-2017-15424 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |
| CVE-2017-15423 | Med | 5.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic. | |
| CVE-2017-15422 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2017-15420 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2017-15419 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. | |
| CVE-2017-15418 | Med | 4.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2017-15417 | Med | 5.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2017-15416 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. | |
| CVE-2017-15415 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. | |
| CVE-2017-15413 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2017-15412 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2017-15411 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2017-15410 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2017-15409 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2017-15408 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. | |
| CVE-2017-15407 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Aug 28, 2018 | Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server. | |
| CVE-2018-4117 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 3, 2018 | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" | |
| CVE-2017-7000 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Apr 3, 2018 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cras |
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit"
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cras
Page 161 of 203