Vulnerabilities > Google > Chrome > 6.0.401.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-04 | CVE-2018-6103 | A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page. | 6.5 |
2018-12-04 | CVE-2018-6102 | Improper Input Validation vulnerability in multiple products Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 4.3 |
2018-12-04 | CVE-2018-6101 | Improper Input Validation vulnerability in multiple products A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server. | 7.5 |
2018-12-04 | CVE-2018-6099 | Information Exposure vulnerability in multiple products A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. | 6.5 |
2018-12-04 | CVE-2018-6098 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 6.5 |
2018-12-04 | CVE-2018-6095 | Information Exposure vulnerability in multiple products Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page. | 6.5 |
2018-12-04 | CVE-2018-6094 | Out-of-bounds Write vulnerability in multiple products Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2018-12-04 | CVE-2018-6092 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
2018-12-04 | CVE-2018-6090 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
2018-12-04 | CVE-2018-6089 | Improper Input Validation vulnerability in multiple products A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. | 6.5 |