VYPR

rpm package

suse/chromium&distro=SUSE Package Hub 12 SP2

pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2

Vulnerabilities (343)

  • CVE-2017-5112HigOct 27, 2017
    affected < 61.0.3163.79-29.1fixed 61.0.3163.79-29.1

    Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2017-5111HigOct 27, 2017
    affected < 61.0.3163.79-29.1fixed 61.0.3163.79-29.1

    A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

  • CVE-2017-5110MedOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

  • CVE-2017-5109MedOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.

  • CVE-2017-5108HigOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.

  • CVE-2017-5107MedOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page.

  • CVE-2017-5106MedOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-5105MedOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

  • CVE-2017-5104MedOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page.

  • CVE-2017-5103MedOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2017-5102MedOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2017-5101MedOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

  • CVE-2017-5100HigOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5099HigOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page.

  • CVE-2017-5098HigOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5097HigOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5096MedOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents.

  • CVE-2017-5095HigOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.

  • CVE-2017-5094MedOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page.

  • CVE-2017-5093MedOct 27, 2017
    affected < 60.0.3112.78-26.1fixed 60.0.3112.78-26.1

    Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.

Page 12 of 18