Vulnerabilities > Google > Chrome > 18.0.1025.146

DATE CVE VULNERABILITY TITLE RISK
2017-10-27 CVE-2017-5107 Information Exposure Through Discrepancy vulnerability in multiple products
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page.
network
high complexity
google redhat CWE-203
5.3
2017-10-27 CVE-2017-5106 Improper Input Validation vulnerability in multiple products
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
network
low complexity
google debian redhat CWE-20
6.5
2017-10-27 CVE-2017-5105 Improper Input Validation vulnerability in multiple products
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
network
low complexity
google debian redhat CWE-20
6.5
2017-10-27 CVE-2017-5104 Improper Input Validation vulnerability in multiple products
Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
6.5
2017-10-27 CVE-2017-5103 Use of Uninitialized Resource vulnerability in multiple products
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google debian redhat CWE-908
4.3
2017-10-27 CVE-2017-5102 Use of Uninitialized Resource vulnerability in multiple products
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google debian redhat CWE-908
4.3
2017-10-27 CVE-2017-5101 Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.
network
low complexity
google debian redhat
6.5
2017-10-27 CVE-2017-5100 Use After Free vulnerability in multiple products
A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian redhat CWE-416
8.8
2017-10-27 CVE-2017-5099 Improper Input Validation vulnerability in multiple products
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page.
network
low complexity
google debian CWE-20
8.8
2017-10-27 CVE-2017-5098 Use After Free vulnerability in multiple products
A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian redhat CWE-416
8.8