VYPR

Chrome

by Google

Source repositories

CVEs (5,374)

  • CVE-2018-6105MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2018-6104MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2018-6103MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.

  • CVE-2018-6099MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.02

    A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.

  • CVE-2018-6098MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

  • CVE-2018-6095MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.02

    Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.

  • CVE-2018-6089MedDec 4, 2018
    risk 0.42cvss 6.5epss 0.02

    A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.

  • CVE-2018-6080MedNov 14, 2018
    risk 0.42cvss 6.5epss 0.01

    Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .

  • CVE-2018-6079MedNov 14, 2018
    risk 0.42cvss 6.5epss 0.02

    Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2018-6077MedNov 14, 2018
    risk 0.42cvss 6.5epss 0.02

    Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2018-6075MedNov 14, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.

  • CVE-2018-6069MedNov 14, 2018
    risk 0.42cvss 6.5epss 0.02

    Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-6066MedNov 14, 2018
    risk 0.42cvss 6.5epss 0.03

    Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2018-17468MedNov 14, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.

  • CVE-2018-6119MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2018-6050MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

  • CVE-2018-6049MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.01

    Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.

  • CVE-2018-6045MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.02

    Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.

  • CVE-2018-6040MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.01

    Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.

  • CVE-2018-6038MedSep 25, 2018
    risk 0.42cvss 6.5epss 0.02

    Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Page 141 of 269