VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2018-17459MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2018-16088MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.

  • CVE-2018-16082MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.02

    An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2018-16080MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2018-16078MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.02

    Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

  • CVE-2018-16072MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

  • CVE-2018-16067MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-16066MedJan 9, 2019
    risk 0.42cvss 6.5epss 0.01

    A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18353MedDec 11, 2018
    risk 0.42cvss 6.5epss 0.01

    Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.

  • CVE-2018-18352MedDec 11, 2018
    risk 0.42cvss 6.5epss 0.01

    Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.

  • CVE-2018-18351MedDec 11, 2018
    risk 0.42cvss 6.5epss 0.03

    Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.

  • CVE-2018-18350MedDec 11, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.

  • CVE-2018-18349MedDec 11, 2018
    risk 0.42cvss 6.5epss 0.01

    Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.

  • CVE-2018-18346MedDec 11, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.

  • CVE-2018-18345MedDec 11, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.

  • CVE-2018-18344MedDec 11, 2018
    risk 0.42cvss 6.5epss 0.01

    Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.

  • CVE-2018-6116MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

  • CVE-2018-6115MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.

  • CVE-2018-6108MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.

  • CVE-2018-6107MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Page 140 of 269