rpm package
suse/chromium&distro=SUSE Package Hub 12 SP2
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2
Vulnerabilities (343)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15413 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Aug 28, 2018 | Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2017-15412 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Aug 28, 2018 | Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2017-15411 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Aug 28, 2018 | Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2017-15410 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Aug 28, 2018 | Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2017-15409 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Aug 28, 2018 | Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2017-15408 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Aug 28, 2018 | Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. | |
| CVE-2017-7000 | Hig | 8.8 | < 60.0.3112.78-26.1 | 60.0.3112.78-26.1 | Apr 3, 2018 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cras | |
| CVE-2017-5133 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Feb 7, 2018 | Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file. | |
| CVE-2017-5132 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Feb 7, 2018 | Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation. | |
| CVE-2017-5131 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Feb 7, 2018 | An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write. | |
| CVE-2017-5130 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Feb 7, 2018 | An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. | |
| CVE-2017-5129 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Feb 7, 2018 | A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2017-5128 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Feb 7, 2018 | Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL. | |
| CVE-2017-5127 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Feb 7, 2018 | Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2017-5126 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Feb 7, 2018 | A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2017-5125 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Feb 7, 2018 | Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2017-5124 | Med | 6.1 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Feb 7, 2018 | Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. | |
| CVE-2017-15395 | Med | 6.5 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Feb 7, 2018 | A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. | |
| CVE-2017-15394 | Med | 6.5 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Feb 7, 2018 | Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension. | |
| CVE-2017-15393 | Hig | 8.8 | < 63.0.3239.84-40.1 | 63.0.3239.84-40.1 | Feb 7, 2018 | Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak. |
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
- affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cras
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.
- affected < 63.0.3239.84-40.1fixed 63.0.3239.84-40.1
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.
Page 10 of 18