rpm package
suse/chromium&distro=SUSE Package Hub 12 SP3
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP3
Vulnerabilities (241)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-5807 | Hig | 8.8 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | Jun 27, 2019 | Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-5806 | Hig | 8.8 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | Jun 27, 2019 | Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-5805 | Med | 6.5 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | Jun 27, 2019 | Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2018-20073 | Med | 5.5 | < 75.0.3770.142-bp150.217.1 | 75.0.3770.142-bp150.217.1 | Jun 27, 2019 | Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem. | |
| CVE-2019-5804 | Med | 5.5 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name. | |
| CVE-2019-5803 | Med | 6.5 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |
| CVE-2019-5802 | Med | 6.5 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |
| CVE-2019-5801 | Med | 6.5 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |
| CVE-2019-5800 | Med | 6.5 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |
| CVE-2019-5799 | Med | 6.5 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |
| CVE-2019-5798 | Med | 6.5 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2019-5796 | Hig | 7.5 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-5795 | Hig | 8.8 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. | |
| CVE-2019-5794 | Med | 6.5 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |
| CVE-2019-5793 | Med | 6.5 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. | |
| CVE-2019-5792 | Hig | 8.8 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. | |
| CVE-2019-5791 | Hig | 8.8 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2019-5790 | Hig | 8.8 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |
| CVE-2019-5789 | Hig | 8.8 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. | |
| CVE-2019-5788 | Hig | 8.8 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. |
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 75.0.3770.142-bp150.217.1fixed 75.0.3770.142-bp150.217.1
Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Page 12 of 13