Vulnerabilities > Google > Chrome > 14.0.791.0

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2018-16072 Origin Validation Error vulnerability in Google Chrome
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
network
low complexity
google CWE-346
6.5
2019-01-09 CVE-2018-16071 Use After Free vulnerability in multiple products
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
network
low complexity
google redhat CWE-416
8.8
2019-01-09 CVE-2018-16068 Improper Input Validation vulnerability in multiple products
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
critical
9.6
2019-01-09 CVE-2018-16067 Use After Free vulnerability in multiple products
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian redhat CWE-416
6.5
2019-01-09 CVE-2018-16066 Use After Free vulnerability in multiple products
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian redhat CWE-416
6.5
2019-01-09 CVE-2018-16065 Use After Free vulnerability in multiple products
A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google debian redhat CWE-416
8.8
2019-01-09 CVE-2017-15428 Out-of-bounds Write vulnerability in Google Chrome
Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google CWE-787
8.8
2019-01-09 CVE-2017-15405 Race Condition vulnerability in Google Chrome
Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.
local
high complexity
google CWE-362
7.0
2019-01-09 CVE-2017-15404 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Chrome
An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page.
local
low complexity
google CWE-367
7.8
2019-01-09 CVE-2017-15403 Command Injection vulnerability in Google Chrome
Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.
local
low complexity
google CWE-77
7.3