VYPR

Chrome

by Google

Source repositories

CVEs (5,401)

  • CVE-2018-20065HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.01

    Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file.

  • CVE-2018-17461HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.01

    An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2018-17458HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-17457HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    An object lifecycle issue in Blink could lead to a use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-16085HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-16076HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.01

    Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2018-16065HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.03

    A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2017-15401HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.02

    A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2016-10403HigJan 9, 2019
    risk 0.57cvss 8.8epss 0.01

    Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

  • CVE-2018-18359HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-18356HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.03

    An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18354HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.

  • CVE-2018-18347HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.

  • CVE-2018-18343HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18342HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.03

    Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

  • CVE-2018-18341HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18340HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18339HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18338HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.01

    Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • CVE-2018-18337HigDec 11, 2018
    risk 0.57cvss 8.8epss 0.02

    Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Page 82 of 271