VYPR

rpm package

suse/chromium&distro=SUSE Package Hub 12 SP2

pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2

Vulnerabilities (343)

  • CVE-2017-15413HigAug 28, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15412HigAug 28, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15411HigAug 28, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-15410HigAug 28, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-15409HigAug 28, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-15408HigAug 28, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.

  • CVE-2017-7000HigApr 3, 2018
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cras

  • CVE-2017-5133HigFeb 7, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.

  • CVE-2017-5132HigFeb 7, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.

  • CVE-2017-5131HigFeb 7, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.

  • CVE-2017-5130HigFeb 7, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

  • CVE-2017-5129HigFeb 7, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5128HigFeb 7, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.

  • CVE-2017-5127HigFeb 7, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-5126HigFeb 7, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-5125HigFeb 7, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2017-5124MedFeb 7, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.

  • CVE-2017-15395MedFeb 7, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.

  • CVE-2017-15394MedFeb 7, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.

  • CVE-2017-15393HigFeb 7, 2018
    affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1

    Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.

Page 10 of 18