Vulnerabilities > Google > Chrome > 27.0.1453.75

DATE CVE VULNERABILITY TITLE RISK
2018-12-21 CVE-2018-20346 Integer Overflow or Wraparound vulnerability in multiple products
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
network
high complexity
sqlite google redhat debian opensuse CWE-190
8.1
2018-12-11 CVE-2018-18359 Out-of-bounds Read vulnerability in multiple products
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google redhat debian CWE-125
8.8
2018-12-11 CVE-2018-18358 Improper Input Validation vulnerability in multiple products
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
low complexity
google debian redhat CWE-20
5.7
2018-12-11 CVE-2018-18357 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
network
low complexity
google redhat debian
4.3
2018-12-11 CVE-2018-18356 Use After Free vulnerability in multiple products
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian canonical redhat opensuse CWE-416
8.8
2018-12-11 CVE-2018-18355 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
network
low complexity
google redhat debian
4.3
2018-12-11 CVE-2018-18354 Improper Input Validation vulnerability in multiple products
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.
network
low complexity
google redhat debian CWE-20
8.8
2018-12-11 CVE-2018-18353 Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.
network
low complexity
google redhat debian
6.5
2018-12-11 CVE-2018-18352 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.
network
low complexity
google redhat debian CWE-732
6.5
2018-12-11 CVE-2018-18351 Improper Input Validation vulnerability in multiple products
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.
network
low complexity
google redhat debian CWE-20
6.5