Chrome
by Google
CVEs (5,373)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18357 | | Med | 0.28 | 4.3 | 0.01 | | Dec 11, 2018 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
| CVE-2018-18355 | | Med | 0.28 | 4.3 | 0.01 | | Dec 11, 2018 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
| CVE-2018-18348 | | Med | 0.28 | 4.3 | 0.01 | | Dec 11, 2018 | Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
| CVE-2018-6102 | | Med | 0.28 | 4.3 | 0.01 | | Dec 4, 2018 | Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
| CVE-2018-6078 | | Med | 0.28 | 4.3 | 0.01 | | Nov 14, 2018 | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
| CVE-2018-6068 | | Med | 0.28 | 4.3 | 0.01 | | Nov 14, 2018 | Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2018-17477 | | Med | 0.28 | 4.3 | 0.01 | | Nov 14, 2018 | Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page. |
| CVE-2018-17476 | | Med | 0.28 | 4.3 | 0.01 | | Nov 14, 2018 | Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. |
| CVE-2018-17475 | | Med | 0.28 | 4.3 | 0.01 | | Nov 14, 2018 | Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2018-17473 | | Med | 0.28 | 4.3 | 0.01 | | Nov 14, 2018 | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
| CVE-2018-17471 | | Med | 0.28 | 4.3 | 0.01 | | Nov 14, 2018 | Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. |
| CVE-2018-17467 | | Med | 0.28 | 4.3 | 0.01 | | Nov 14, 2018 | Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2018-17464 | | Med | 0.28 | 4.3 | 0.01 | | Nov 14, 2018 | Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2018-6052 | | Med | 0.28 | 4.3 | 0.01 | | Sep 25, 2018 | Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. |
| CVE-2018-6051 | | Med | 0.28 | 4.3 | 0.01 | | Sep 25, 2018 | XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page. |
| CVE-2018-6048 | | Med | 0.28 | 4.3 | 0.01 | | Sep 25, 2018 | Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. |
| CVE-2018-6047 | | Med | 0.28 | 4.3 | 0.01 | | Sep 25, 2018 | Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. |
| CVE-2018-6042 | | Med | 0.28 | 4.3 | 0.01 | | Sep 25, 2018 | Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2018-6041 | | Med | 0.28 | 4.3 | 0.01 | | Sep 25, 2018 | Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2017-15430 | | Med | 0.28 | 4.3 | 0.01 | | Aug 28, 2018 | Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. |