Vulnerabilities > Google > Chrome > 25.0.1364.122

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2018-6143 Out-of-bounds Read vulnerability in multiple products
Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian redhat CWE-125
6.5
2019-01-09 CVE-2018-6141 Out-of-bounds Read vulnerability in multiple products
Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian redhat CWE-125
8.8
2019-01-09 CVE-2018-6140 Improper Input Validation vulnerability in multiple products
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
network
low complexity
google debian redhat CWE-20
8.8
2019-01-09 CVE-2018-6139 Improper Input Validation vulnerability in multiple products
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
network
low complexity
google debian redhat CWE-20
8.8
2019-01-09 CVE-2018-6137 Information Exposure vulnerability in multiple products
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian redhat CWE-200
6.5
2019-01-09 CVE-2018-6135 Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google debian redhat
6.5
2019-01-09 CVE-2018-6133 Data Processing Errors vulnerability in multiple products
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
google debian redhat CWE-19
6.5
2019-01-09 CVE-2018-6127 Use After Free vulnerability in multiple products
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian redhat CWE-416
critical
9.6
2019-01-09 CVE-2018-6126 Out-of-bounds Write vulnerability in multiple products
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
network
low complexity
google debian redhat CWE-787
8.8
2019-01-09 CVE-2018-6124 Incorrect Type Conversion or Cast vulnerability in multiple products
Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
network
low complexity
google debian redhat CWE-704
8.8