Vulnerabilities > Google > Chrome > 27.0.1453.65
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-27 | CVE-2017-5113 | Out-of-bounds Write vulnerability in multiple products Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2017-10-27 | CVE-2017-5112 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
2017-10-27 | CVE-2017-5111 | Use After Free vulnerability in multiple products A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. | 8.8 |
2017-10-27 | CVE-2017-5110 | Improper Input Validation vulnerability in multiple products Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. | 6.5 |
2017-10-27 | CVE-2017-5109 | Improper Input Validation vulnerability in multiple products Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. | 4.3 |
2017-10-27 | CVE-2017-5108 | Type Confusion vulnerability in multiple products Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file. | 8.8 |
2017-10-27 | CVE-2017-5107 | Information Exposure Through Discrepancy vulnerability in multiple products A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page. | 5.3 |
2017-10-27 | CVE-2017-5106 | Improper Input Validation vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 6.5 |
2017-10-27 | CVE-2017-5105 | Improper Input Validation vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 6.5 |
2017-10-27 | CVE-2017-5104 | Improper Input Validation vulnerability in multiple products Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page. | 6.5 |