rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5133 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file. | |
| CVE-2017-5132 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation. | |
| CVE-2017-5131 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write. | |
| CVE-2017-5130 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. | |
| CVE-2017-5129 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2017-5128 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL. | |
| CVE-2017-5127 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2017-5126 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2017-5125 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2017-5124 | Med | 6.1 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. | |
| CVE-2017-15395 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. | |
| CVE-2017-15394 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension. | |
| CVE-2017-15393 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak. | |
| CVE-2017-15392 | Med | 4.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration. | |
| CVE-2017-15391 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page. | |
| CVE-2017-15390 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |
| CVE-2017-15389 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2017-15388 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2017-15387 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page. | |
| CVE-2017-15386 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Feb 7, 2018 | Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Page 162 of 203