2018-12-04 | CVE-2018-6152 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction. | 9.6 |
2018-12-04 | CVE-2018-6116 | NULL Pointer Dereference vulnerability in multiple products A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 6.5 |
2018-12-04 | CVE-2018-6115 | Improper Input Validation vulnerability in Google Chrome Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page. | 6.5 |
2018-12-04 | CVE-2018-6108 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page. | 6.5 |
2018-12-04 | CVE-2018-6107 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 6.5 |
2018-12-04 | CVE-2018-6105 | Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 6.5 |
2018-12-04 | CVE-2018-6104 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 6.5 |
2018-12-04 | CVE-2018-6103 | A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page. | 6.5 |
2018-12-04 | CVE-2018-6102 | Improper Input Validation vulnerability in multiple products Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 4.3 |
2018-12-04 | CVE-2018-6101 | Improper Input Validation vulnerability in multiple products A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server. | 7.5 |