rpm package
suse/chromium&distro=SUSE Package Hub 15
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015
Vulnerabilities (210)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-5797 | Hig | 7.5 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | Sep 29, 2022 | Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-5815 | Hig | 7.5 | < 75.0.3770.90-bp150.213.3 | 75.0.3770.90-bp150.213.3 | Dec 11, 2019 | Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. | |
| CVE-2019-13764 | Hig | 8.8 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-13763 | Med | 4.3 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | |
| CVE-2019-13762 | Low | 3.3 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. | |
| CVE-2019-13761 | Med | 4.3 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |
| CVE-2019-13759 | Med | 4.3 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |
| CVE-2019-13758 | Med | 4.3 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2019-13757 | Med | 4.3 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |
| CVE-2019-13756 | Med | 4.3 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |
| CVE-2019-13755 | Med | 4.3 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. | |
| CVE-2019-13754 | Med | 4.3 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |
| CVE-2019-13753 | Med | 6.5 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2019-13752 | Med | 6.5 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2019-13751 | Med | 6.5 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2019-13750 | Med | 6.5 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | |
| CVE-2019-13749 | Med | 6.5 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2019-13748 | Med | 6.5 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |
| CVE-2019-13747 | Hig | 8.8 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-13746 | Med | 6.5 | < 79.0.3945.79-bp150.252.1 | 79.0.3945.79-bp150.252.1 | Dec 10, 2019 | Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 75.0.3770.90-bp150.213.3fixed 75.0.3770.90-bp150.213.3
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- affected < 79.0.3945.79-bp150.252.1fixed 79.0.3945.79-bp150.252.1
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Page 1 of 11