Vulnerabilities > Debian > Debian Linux > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-11 | CVE-2018-18354 | Improper Input Validation vulnerability in multiple products Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. | 8.8 |
2018-12-11 | CVE-2018-18347 | Improper Input Validation vulnerability in multiple products Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page. | 8.8 |
2018-12-11 | CVE-2018-18343 | Use After Free vulnerability in multiple products Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2018-12-11 | CVE-2018-18342 | Out-of-bounds Write vulnerability in multiple products Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
2018-12-11 | CVE-2018-18341 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2018-12-11 | CVE-2018-18340 | Use After Free vulnerability in multiple products Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2018-12-11 | CVE-2018-18339 | Use After Free vulnerability in multiple products Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2018-12-11 | CVE-2018-18338 | Out-of-bounds Write vulnerability in multiple products Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2018-12-11 | CVE-2018-18337 | Use After Free vulnerability in multiple products Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2018-12-11 | CVE-2018-18336 | Use After Free vulnerability in multiple products Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |