Vulnerabilities > Google > Chrome > 16.0.912.25

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2018-6123 Use After Free vulnerability in multiple products
A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian redhat CWE-416
6.5
2019-01-09 CVE-2018-6120 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
network
low complexity
google debian redhat CWE-190
8.8
2019-01-09 CVE-2018-6117 Information Exposure vulnerability in multiple products
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google debian redhat CWE-200
6.5
2019-01-09 CVE-2018-6114 Improper Input Validation vulnerability in multiple products
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
6.5
2019-01-09 CVE-2018-6113 Improper Input Validation vulnerability in multiple products
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
6.5
2019-01-09 CVE-2018-6112 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google debian redhat CWE-706
4.3
2019-01-09 CVE-2018-6111 Improper Input Validation vulnerability in multiple products
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
8.8
2019-01-09 CVE-2018-6110 Improper Input Validation vulnerability in multiple products
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.
network
low complexity
google debian redhat CWE-20
5.4
2019-01-09 CVE-2018-6109 Information Exposure vulnerability in multiple products
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.
network
low complexity
google debian redhat CWE-200
6.5
2019-01-09 CVE-2018-6106 Data Processing Errors vulnerability in multiple products
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.
network
low complexity
google debian redhat CWE-19
8.8