rpm package
suse/chromium&distro=SUSE Package Hub 12 SP2
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2
Vulnerabilities (343)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-6064 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Nov 14, 2018 | Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2018-6063 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Nov 14, 2018 | Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. | ||
| CVE-2018-6062 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Nov 14, 2018 | Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | ||
| CVE-2018-6061 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Nov 14, 2018 | A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2018-6060 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Nov 14, 2018 | Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2018-6057 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Nov 14, 2018 | Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page. | ||
| CVE-2018-17477 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Nov 14, 2018 | Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page. | ||
| CVE-2018-17476 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Nov 14, 2018 | Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. | ||
| CVE-2018-17475 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Nov 14, 2018 | Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||
| CVE-2018-17474 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Nov 14, 2018 | Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2018-17473 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Nov 14, 2018 | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | ||
| CVE-2018-17472 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Nov 14, 2018 | Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page. | ||
| CVE-2018-17471 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Nov 14, 2018 | Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. | ||
| CVE-2018-17469 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Nov 14, 2018 | Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | ||
| CVE-2018-17468 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Nov 14, 2018 | Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. | ||
| CVE-2018-17467 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Nov 14, 2018 | Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||
| CVE-2018-17466 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Nov 14, 2018 | Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||
| CVE-2018-17465 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Nov 14, 2018 | Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | ||
| CVE-2018-17464 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Nov 14, 2018 | Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||
| CVE-2018-17463 | — | KEV | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Nov 14, 2018 | Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
- CVE-2018-6064Nov 14, 2018affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2018-6063Nov 14, 2018affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
- CVE-2018-6062Nov 14, 2018affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
- CVE-2018-6061Nov 14, 2018affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2018-6060Nov 14, 2018affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2018-6057Nov 14, 2018affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
- CVE-2018-17477Nov 14, 2018affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.
- CVE-2018-17476Nov 14, 2018affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
- CVE-2018-17475Nov 14, 2018affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- CVE-2018-17474Nov 14, 2018affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2018-17473Nov 14, 2018affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
- CVE-2018-17472Nov 14, 2018affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page.
- CVE-2018-17471Nov 14, 2018affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
- CVE-2018-17469Nov 14, 2018affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
- CVE-2018-17468Nov 14, 2018affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.
- CVE-2018-17467Nov 14, 2018affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- CVE-2018-17466Nov 14, 2018affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- CVE-2018-17465Nov 14, 2018affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
- CVE-2018-17464Nov 14, 2018affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Page 7 of 18