rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5105 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |
| CVE-2017-5104 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page. | |
| CVE-2017-5103 | Med | 4.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2017-5102 | Med | 4.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2017-5101 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. | |
| CVE-2017-5100 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2017-5099 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page. | |
| CVE-2017-5098 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2017-5097 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2017-5096 | Med | 4.3 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents. | |
| CVE-2017-5095 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file. | |
| CVE-2017-5094 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page. | |
| CVE-2017-5093 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. | |
| CVE-2017-5092 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |
| CVE-2017-5091 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2017-5089 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name. | |
| CVE-2017-5088 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |
| CVE-2017-5087 | Hig | 8.8 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape. | |
| CVE-2017-5086 | Med | 6.5 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |
| CVE-2017-5085 | Med | 6.1 | < 93.0.4577.82-1.1 | 93.0.4577.82-1.1 | Oct 27, 2017 | Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark. |
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
- affected < 93.0.4577.82-1.1fixed 93.0.4577.82-1.1
Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark.
Page 164 of 203