Total
3628 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16066 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-16065 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
| CVE-2018-16064 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | |||||
| CVE-2018-10229 | 3 Google, Lg, Mozilla | 3 Chrome, Nexus 5, Firefox | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. | |||||
| CVE-2017-5133 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file. | |||||
| CVE-2017-5132 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation. | |||||
| CVE-2017-5131 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write. | |||||
| CVE-2017-5130 | 3 Debian, Google, Xmlsoft | 3 Debian Linux, Chrome, Libxml2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. | |||||
| CVE-2017-5129 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-5128 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL. | |||||
| CVE-2017-5127 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2017-5126 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2017-5125 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2017-5124 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. | |||||
| CVE-2017-5028 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in V8 in Google Chrome prior to 56.0.2924.76 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2017-15430 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||
| CVE-2017-15429 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | |||||
| CVE-2017-15428 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
| CVE-2017-15427 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. | |||||
| CVE-2017-15426 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |||||