rpm package
suse/chromium&distro=SUSE Package Hub 12 SP2
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2
Vulnerabilities (343)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-6122 | Hig | 8.8 | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Nov 2, 2021 | Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2016-9652 | Cri | 9.8 | < 55.0.2883.75-2.1 | 55.0.2883.75-2.1 | Nov 20, 2019 | Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75. | |
| CVE-2019-5786 | Med | 6.5 | KEV | < 72.0.3626.121-bp150.2.37.1 | 72.0.3626.121-bp150.2.37.1 | Jun 27, 2019 | Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
| CVE-2019-5784 | Med | 6.5 | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Jun 27, 2019 | Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2018-6121 | Hig | 8.8 | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jun 27, 2019 | Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page. | |
| CVE-2018-6118 | Hig | 8.8 | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jun 27, 2019 | A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. | |
| CVE-2018-17478 | Hig | 8.8 | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Jun 27, 2019 | Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | |
| CVE-2018-5179 | Hig | 7.5 | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Apr 26, 2019 | A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60. | |
| CVE-2019-5782 | Hig | 8.8 | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |
| CVE-2019-5781 | Med | 6.5 | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |
| CVE-2019-5780 | Hig | 7.8 | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. | |
| CVE-2019-5779 | Med | 4.3 | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2019-5778 | Med | 6.5 | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome | |
| CVE-2019-5777 | Med | 6.5 | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |
| CVE-2019-5776 | Med | 6.5 | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |
| CVE-2019-5775 | Med | 6.5 | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |
| CVE-2019-5774 | Hig | 8.8 | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file. | |
| CVE-2019-5773 | Med | 6.5 | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. | |
| CVE-2019-5772 | Hig | 8.8 | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2019-5771 | Hig | 8.8 | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
- affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 55.0.2883.75-2.1fixed 55.0.2883.75-2.1
Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.
- affected < 72.0.3626.121-bp150.2.37.1fixed 72.0.3626.121-bp150.2.37.1
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
- affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page.
- affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
- affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
- affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.
- affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
- affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
- affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome
- affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
- affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
- affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
- affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.
- affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
- affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Page 1 of 18