VYPR

rpm package

suse/chromium&distro=SUSE Package Hub 12 SP2

pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2

Vulnerabilities (343)

  • CVE-2018-6064Nov 14, 2018
    affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1

    Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6063Nov 14, 2018
    affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1

    Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2018-6062Nov 14, 2018
    affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1

    Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

  • CVE-2018-6061Nov 14, 2018
    affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1

    A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6060Nov 14, 2018
    affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1

    Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-6057Nov 14, 2018
    affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1

    Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.

  • CVE-2018-17477Nov 14, 2018
    affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1

    Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.

  • CVE-2018-17476Nov 14, 2018
    affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1

    Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

  • CVE-2018-17475Nov 14, 2018
    affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1

    Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2018-17474Nov 14, 2018
    affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1

    Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-17473Nov 14, 2018
    affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1

    Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

  • CVE-2018-17472Nov 14, 2018
    affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1

    Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page.

  • CVE-2018-17471Nov 14, 2018
    affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1

    Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

  • CVE-2018-17469Nov 14, 2018
    affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1

    Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2018-17468Nov 14, 2018
    affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1

    Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.

  • CVE-2018-17467Nov 14, 2018
    affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1

    Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2018-17466Nov 14, 2018
    affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1

    Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-17465Nov 14, 2018
    affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1

    Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

  • CVE-2018-17464Nov 14, 2018
    affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1

    Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2018-17463KEVNov 14, 2018
    affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1

    Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Page 7 of 18