rpm package
suse/chromium&distro=SUSE Package Hub 15
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015
Vulnerabilities (210)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-5805 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | Jun 27, 2019 | Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||
| CVE-2019-5786 | — | KEV | < 72.0.3626.121-bp150.2.37.1 | 72.0.3626.121-bp150.2.37.1 | Jun 27, 2019 | Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |
| CVE-2019-5784 | — | < 72.0.3626.96-bp150.2.32.1 | 72.0.3626.96-bp150.2.32.1 | Jun 27, 2019 | Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2018-20073 | — | < 75.0.3770.142-bp150.217.1 | 75.0.3770.142-bp150.217.1 | Jun 27, 2019 | Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem. | ||
| CVE-2019-5804 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name. | ||
| CVE-2019-5803 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2019-5802 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||
| CVE-2019-5801 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||
| CVE-2019-5800 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2019-5799 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||
| CVE-2019-5798 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||
| CVE-2019-5796 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2019-5795 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. | ||
| CVE-2019-5794 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||
| CVE-2019-5793 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. | ||
| CVE-2019-5792 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. | ||
| CVE-2019-5791 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||
| CVE-2019-5790 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | ||
| CVE-2019-5789 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. | ||
| CVE-2019-5788 | — | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | May 23, 2019 | An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. |
- CVE-2019-5805Jun 27, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- affected < 72.0.3626.121-bp150.2.37.1fixed 72.0.3626.121-bp150.2.37.1
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
- CVE-2019-5784Jun 27, 2019affected < 72.0.3626.96-bp150.2.32.1fixed 72.0.3626.96-bp150.2.32.1
Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2018-20073Jun 27, 2019affected < 75.0.3770.142-bp150.217.1fixed 75.0.3770.142-bp150.217.1
Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.
- CVE-2019-5804May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.
- CVE-2019-5803May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- CVE-2019-5802May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- CVE-2019-5801May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- CVE-2019-5800May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- CVE-2019-5799May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
- CVE-2019-5798May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- CVE-2019-5796May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5795May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
- CVE-2019-5794May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- CVE-2019-5793May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.
- CVE-2019-5792May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
- CVE-2019-5791May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- CVE-2019-5790May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- CVE-2019-5789May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
- CVE-2019-5788May 23, 2019affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Page 9 of 11