rpm package
suse/chromium&distro=SUSE Package Hub 12 SP2
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2
Vulnerabilities (343)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-6122 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Nov 2, 2021 | Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2016-9652 | — | < 55.0.2883.75-2.1 | 55.0.2883.75-2.1 | Nov 20, 2019 | Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75. | ||
| CVE-2019-5786 | — | KEV | < 72.0.3626.121-bp150.2.37.1 | 72.0.3626.121-bp150.2.37.1 | Jun 27, 2019 | Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |
| CVE-2019-5784 | — | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Jun 27, 2019 | Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2018-6121 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jun 27, 2019 | Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page. | ||
| CVE-2018-6118 | — | < 66.0.3359.181-55.1 | 66.0.3359.181-55.1 | Jun 27, 2019 | A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. | ||
| CVE-2018-17478 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Jun 27, 2019 | Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | ||
| CVE-2018-5179 | — | < 70.0.3538.102-74.1 | 70.0.3538.102-74.1 | Apr 26, 2019 | A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60. | ||
| CVE-2019-5782 | — | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | ||
| CVE-2019-5781 | — | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | ||
| CVE-2019-5780 | — | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. | ||
| CVE-2019-5779 | — | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||
| CVE-2019-5778 | — | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome | ||
| CVE-2019-5777 | — | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | ||
| CVE-2019-5776 | — | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | ||
| CVE-2019-5775 | — | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | ||
| CVE-2019-5774 | — | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file. | ||
| CVE-2019-5773 | — | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. | ||
| CVE-2019-5772 | — | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||
| CVE-2019-5771 | — | < 72.0.3626.96-88.1 | 72.0.3626.96-88.1 | Feb 19, 2019 | An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
- CVE-2018-6122Nov 2, 2021affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2016-9652Nov 20, 2019affected < 55.0.2883.75-2.1fixed 55.0.2883.75-2.1
Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.
- affected < 72.0.3626.121-bp150.2.37.1fixed 72.0.3626.121-bp150.2.37.1
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
- CVE-2019-5784Jun 27, 2019affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2018-6121Jun 27, 2019affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page.
- CVE-2018-6118Jun 27, 2019affected < 66.0.3359.181-55.1fixed 66.0.3359.181-55.1
A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
- CVE-2018-17478Jun 27, 2019affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
- CVE-2018-5179Apr 26, 2019affected < 70.0.3538.102-74.1fixed 70.0.3538.102-74.1
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.
- CVE-2019-5782Feb 19, 2019affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- CVE-2019-5781Feb 19, 2019affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
- CVE-2019-5780Feb 19, 2019affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
- CVE-2019-5779Feb 19, 2019affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- CVE-2019-5778Feb 19, 2019affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome
- CVE-2019-5777Feb 19, 2019affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
- CVE-2019-5776Feb 19, 2019affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
- CVE-2019-5775Feb 19, 2019affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
- CVE-2019-5774Feb 19, 2019affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.
- CVE-2019-5773Feb 19, 2019affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
- CVE-2019-5772Feb 19, 2019affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5771Feb 19, 2019affected < 72.0.3626.96-88.1fixed 72.0.3626.96-88.1
An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Page 1 of 18