Vulnerabilities > Google > Chrome > 4.0.258.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-27 | CVE-2017-5095 | Out-of-bounds Write vulnerability in multiple products Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file. | 8.8 |
2017-10-27 | CVE-2017-5094 | Type Confusion vulnerability in multiple products Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page. | 6.5 |
2017-10-27 | CVE-2017-5093 | Improper Input Validation vulnerability in multiple products Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. | 6.5 |
2017-10-27 | CVE-2017-5092 | Improper Input Validation vulnerability in multiple products Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 8.8 |
2017-10-27 | CVE-2017-5091 | Use After Free vulnerability in multiple products A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
2017-10-27 | CVE-2017-5090 | Improper Input Validation vulnerability in Google Chrome Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.115 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name containing a U+0620 character, aka Apple rdar problem 32458012. | 6.5 |
2017-10-27 | CVE-2017-5089 | Improper Input Validation vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name. | 6.5 |
2017-10-27 | CVE-2017-5088 | Out-of-bounds Read vulnerability in multiple products Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | 8.8 |
2017-10-27 | CVE-2017-5087 | Use After Free vulnerability in multiple products A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape. | 8.8 |
2017-10-27 | CVE-2017-5086 | Improper Input Validation vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 6.5 |