rpm package
suse/chromium&distro=SUSE Package Hub 12
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012
Vulnerabilities (132)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-6031 | Hig | 8.8 | < 64.0.3282.119-46.2 | 64.0.3282.119-46.2 | Sep 25, 2018 | Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2017-15420 | Med | 6.5 | < 64.0.3282.119-46.2 | 64.0.3282.119-46.2 | Aug 28, 2018 | Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2018-6406 | Hig | 8.8 | < 64.0.3282.140-49.1 | 64.0.3282.140-49.1 | Jan 30, 2018 | The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read an | |
| CVE-2016-5178 | Cri | 9.8 | < 53.0.2785.143-106.1 | 53.0.2785.143-106.1 | May 23, 2017 | Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | |
| CVE-2016-5177 | Hig | 8.8 | < 53.0.2785.143-106.1 | 53.0.2785.143-106.1 | May 23, 2017 | Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | |
| CVE-2016-5198 | Hig | 8.8 | KEV | < 54.0.2840.90-112.1 | 54.0.2840.90-112.1 | Jan 19, 2017 | V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafte |
| CVE-2016-5193 | Med | 4.3 | < 54.0.2840.59-109.1 | 54.0.2840.59-109.1 | Dec 18, 2016 | Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages. | |
| CVE-2016-5192 | Med | 6.5 | < 54.0.2840.59-109.1 | 54.0.2840.59-109.1 | Dec 18, 2016 | Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. | |
| CVE-2016-5191 | Med | 6.1 | < 54.0.2840.59-109.1 | 54.0.2840.59-109.1 | Dec 18, 2016 | Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an in | |
| CVE-2016-5190 | Med | 6.3 | < 54.0.2840.59-109.1 | 54.0.2840.59-109.1 | Dec 18, 2016 | Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. | |
| CVE-2016-5189 | Med | 6.5 | < 54.0.2840.59-109.1 | 54.0.2840.59-109.1 | Dec 18, 2016 | Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | |
| CVE-2016-5188 | Med | 4.3 | < 54.0.2840.59-109.1 | 54.0.2840.59-109.1 | Dec 18, 2016 | Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages. | |
| CVE-2016-5187 | Med | 6.5 | < 54.0.2840.59-109.1 | 54.0.2840.59-109.1 | Dec 18, 2016 | Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | |
| CVE-2016-5186 | Med | 5.3 | < 54.0.2840.59-109.1 | 54.0.2840.59-109.1 | Dec 18, 2016 | Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files. | |
| CVE-2016-5185 | Hig | 8.8 | < 54.0.2840.59-109.1 | 54.0.2840.59-109.1 | Dec 18, 2016 | Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages. | |
| CVE-2016-5184 | Hig | 8.8 | < 54.0.2840.59-109.1 | 54.0.2840.59-109.1 | Dec 18, 2016 | PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files. | |
| CVE-2016-5183 | Hig | 8.8 | < 54.0.2840.59-109.1 | 54.0.2840.59-109.1 | Dec 18, 2016 | A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files. | |
| CVE-2016-5182 | Hig | 8.8 | < 54.0.2840.59-109.1 | 54.0.2840.59-109.1 | Dec 18, 2016 | Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages. | |
| CVE-2016-5181 | Med | 6.1 | < 54.0.2840.59-109.1 | 54.0.2840.59-109.1 | Dec 18, 2016 | Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages. | |
| CVE-2016-5175 | Hig | 8.8 | < 53.0.2785.113-100.1 | 53.0.2785.113-100.1 | Sep 25, 2016 | Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. |
- affected < 64.0.3282.119-46.2fixed 64.0.3282.119-46.2
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 64.0.3282.119-46.2fixed 64.0.3282.119-46.2
Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- affected < 64.0.3282.140-49.1fixed 64.0.3282.140-49.1
The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read an
- affected < 53.0.2785.143-106.1fixed 53.0.2785.143-106.1
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
- affected < 53.0.2785.143-106.1fixed 53.0.2785.143-106.1
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
- affected < 54.0.2840.90-112.1fixed 54.0.2840.90-112.1
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafte
- affected < 54.0.2840.59-109.1fixed 54.0.2840.59-109.1
Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.
- affected < 54.0.2840.59-109.1fixed 54.0.2840.59-109.1
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
- affected < 54.0.2840.59-109.1fixed 54.0.2840.59-109.1
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an in
- affected < 54.0.2840.59-109.1fixed 54.0.2840.59-109.1
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
- affected < 54.0.2840.59-109.1fixed 54.0.2840.59-109.1
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
- affected < 54.0.2840.59-109.1fixed 54.0.2840.59-109.1
Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.
- affected < 54.0.2840.59-109.1fixed 54.0.2840.59-109.1
Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
- affected < 54.0.2840.59-109.1fixed 54.0.2840.59-109.1
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.
- affected < 54.0.2840.59-109.1fixed 54.0.2840.59-109.1
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
- affected < 54.0.2840.59-109.1fixed 54.0.2840.59-109.1
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.
- affected < 54.0.2840.59-109.1fixed 54.0.2840.59-109.1
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.
- affected < 54.0.2840.59-109.1fixed 54.0.2840.59-109.1
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.
- affected < 54.0.2840.59-109.1fixed 54.0.2840.59-109.1
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages.
- affected < 53.0.2785.113-100.1fixed 53.0.2785.113-100.1
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Page 4 of 7