Vulnerabilities > Google > Chrome > 10.0.604.0

DATE CVE VULNERABILITY TITLE RISK
2017-10-27 CVE-2017-5118 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
network
low complexity
google debian redhat CWE-732
4.3
2017-10-27 CVE-2017-5117 Information Exposure vulnerability in multiple products
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google debian CWE-200
6.5
2017-10-27 CVE-2017-5116 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-843
8.8
2017-10-27 CVE-2017-5115 Incorrect Type Conversion or Cast vulnerability in Google Chrome
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
network
low complexity
google CWE-704
8.8
2017-10-27 CVE-2017-5114 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
network
low complexity
google debian redhat CWE-119
8.8
2017-10-27 CVE-2017-5113 Out-of-bounds Write vulnerability in multiple products
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian redhat CWE-787
8.8
2017-10-27 CVE-2017-5112 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome
Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google CWE-119
8.8
2017-10-27 CVE-2017-5111 Use After Free vulnerability in multiple products
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
network
low complexity
google redhat debian CWE-416
8.8
2017-10-27 CVE-2017-5110 Improper Input Validation vulnerability in multiple products
Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
6.5
2017-10-27 CVE-2017-5109 Improper Input Validation vulnerability in multiple products
Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
4.3