rpm package
suse/chromium&distro=SUSE Package Hub 12 SP2
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2
Vulnerabilities (343)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5045 | Med | 6.1 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page. | |
| CVE-2017-5044 | Med | 6.3 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2017-5043 | Hig | 8.8 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. | |
| CVE-2017-5042 | Med | 5.7 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent | |
| CVE-2017-5041 | Med | 4.3 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page. | |
| CVE-2017-5040 | Med | 4.3 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page. | |
| CVE-2017-5039 | Hig | 7.8 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2017-5038 | Med | 6.3 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. | |
| CVE-2017-5037 | Hig | 7.8 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | |
| CVE-2017-5036 | Hig | 7.8 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file. | |
| CVE-2017-5035 | Hig | 8.1 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. | |
| CVE-2017-5034 | Hig | 8.8 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | |
| CVE-2017-5033 | Med | 4.3 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the u | |
| CVE-2017-5032 | Hig | 8.8 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2017-5031 | Hig | 8.8 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2017-5030 | Hig | 8.8 | KEV | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
| CVE-2017-5029 | Hig | 8.8 | < 57.0.2987.98-8.1 | 57.0.2987.98-8.1 | Apr 24, 2017 | The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to pe | |
| CVE-2017-5026 | Med | 4.3 | < 56.0.2924.87-5.1 | 56.0.2924.87-5.1 | Feb 17, 2017 | Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page. | |
| CVE-2017-5025 | Med | 5.5 | < 56.0.2924.87-5.1 | 56.0.2924.87-5.1 | Feb 17, 2017 | FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | |
| CVE-2017-5024 | Med | 5.5 | < 56.0.2924.87-5.1 | 56.0.2924.87-5.1 | Feb 17, 2017 | FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. |
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page.
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page.
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the u
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page.
- affected < 57.0.2987.98-8.1fixed 57.0.2987.98-8.1
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to pe
- affected < 56.0.2924.87-5.1fixed 56.0.2924.87-5.1
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page.
- affected < 56.0.2924.87-5.1fixed 56.0.2924.87-5.1
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
- affected < 56.0.2924.87-5.1fixed 56.0.2924.87-5.1
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
Page 15 of 18