Vulnerabilities > Google > Chrome > 4.1.249.1017

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2018-6109 Information Exposure vulnerability in multiple products
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.
network
low complexity
google debian redhat CWE-200
6.5
2019-01-09 CVE-2018-6106 Data Processing Errors vulnerability in multiple products
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.
network
low complexity
google debian redhat CWE-19
8.8
2019-01-09 CVE-2018-6100 Data Processing Errors vulnerability in multiple products
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
google debian redhat CWE-19
6.5
2019-01-09 CVE-2018-6097 Data Processing Errors vulnerability in multiple products
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.
network
low complexity
google debian redhat CWE-19
6.5
2019-01-09 CVE-2018-6096 Improper Input Validation vulnerability in multiple products
A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
6.5
2019-01-09 CVE-2018-6093 Information Exposure vulnerability in multiple products
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian redhat CWE-200
6.5
2019-01-09 CVE-2018-6091 Data Processing Errors vulnerability in multiple products
Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian redhat CWE-19
6.5
2019-01-09 CVE-2018-6084 Improper Input Validation vulnerability in multiple products
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.
local
low complexity
google debian redhat CWE-20
7.8
2019-01-09 CVE-2018-6056 Incorrect Type Conversion or Cast vulnerability in multiple products
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google debian redhat CWE-704
8.8
2019-01-09 CVE-2018-20071 Cross-site Scripting vulnerability in Google Chrome
Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page.
network
low complexity
google CWE-79
6.1