Google Chrome Prior To 60.0.3112.78 For Mac, Windows, Linux And Android
Sign in to watchby N/A
CVEs (8)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5108 | Hig | 0.57 | 8.8 | 0.00 | Oct 27, 2017 | Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file. | |
| CVE-2017-5098 | Hig | 0.57 | 8.8 | 0.03 | Oct 27, 2017 | A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |
| CVE-2017-5110 | Med | 0.42 | 6.5 | 0.01 | Oct 27, 2017 | Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. | |
| CVE-2017-5106 | Med | 0.42 | 6.5 | 0.01 | Oct 27, 2017 | Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |
| CVE-2017-5105 | Med | 0.42 | 6.5 | 0.01 | Oct 27, 2017 | Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |
| CVE-2017-5094 | Med | 0.42 | 6.5 | 0.01 | Oct 27, 2017 | Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page. | |
| CVE-2017-5093 | Med | 0.42 | 6.5 | 0.01 | Oct 27, 2017 | Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. | |
| CVE-2017-5102 | Med | 0.28 | 4.3 | 0.01 | Oct 27, 2017 | Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |