Vulnerabilities > Fedoraproject
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-19 | CVE-2019-5778 | Cross-site Scripting vulnerability in multiple products A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. | 6.5 |
2019-02-19 | CVE-2019-5777 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 6.5 |
2019-02-19 | CVE-2019-5776 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 6.5 |
2019-02-19 | CVE-2019-5775 | Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 6.5 |
2019-02-19 | CVE-2019-5774 | Missing Authorization vulnerability in multiple products Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file. | 8.8 |
2019-02-19 | CVE-2019-5773 | Origin Validation Error vulnerability in multiple products Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. | 6.5 |
2019-02-19 | CVE-2019-5772 | Use After Free vulnerability in multiple products Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
2019-02-19 | CVE-2019-5771 | An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | 8.8 |
2019-02-19 | CVE-2019-5770 | Out-of-bounds Read vulnerability in multiple products Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
2019-02-19 | CVE-2019-5769 | Improper Input Validation vulnerability in multiple products Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |