VYPR

rpm package

suse/chromium&distro=SUSE Package Hub 12 SP2

pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2

Vulnerabilities (343)

  • CVE-2017-5045MedApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page.

  • CVE-2017-5044MedApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5043HigApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

  • CVE-2017-5042MedApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent

  • CVE-2017-5041MedApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page.

  • CVE-2017-5040MedApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.

  • CVE-2017-5039HigApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-5038MedApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

  • CVE-2017-5037HigApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

  • CVE-2017-5036HigApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.

  • CVE-2017-5035HigApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.

  • CVE-2017-5034HigApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2017-5033MedApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the u

  • CVE-2017-5032HigApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-5031HigApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2017-5030HigKEVApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2017-5029HigApr 24, 2017
    affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1

    The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to pe

  • CVE-2017-5026MedFeb 17, 2017
    affected < 56.0.2924.87-5.1fixed 56.0.2924.87-5.1

    Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page.

  • CVE-2017-5025MedFeb 17, 2017
    affected < 56.0.2924.87-5.1fixed 56.0.2924.87-5.1

    FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

  • CVE-2017-5024MedFeb 17, 2017
    affected < 56.0.2924.87-5.1fixed 56.0.2924.87-5.1

    FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

Page 15 of 18