Vulnerabilities > Google > Chrome > 6.0.401.1

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2016-9651 Code Injection vulnerability in multiple products
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google redhat CWE-94
8.8
2019-01-09 CVE-2016-10403 Out-of-bounds Read vulnerability in Google Chrome
Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
network
low complexity
google CWE-125
8.8
2018-12-21 CVE-2018-20346 Integer Overflow or Wraparound vulnerability in multiple products
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
network
high complexity
sqlite google redhat debian opensuse CWE-190
8.1
2018-12-11 CVE-2018-18359 Out-of-bounds Read vulnerability in multiple products
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google redhat debian CWE-125
8.8
2018-12-11 CVE-2018-18358 Improper Input Validation vulnerability in multiple products
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
low complexity
google debian redhat CWE-20
5.7
2018-12-11 CVE-2018-18357 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
network
low complexity
google redhat debian
4.3
2018-12-11 CVE-2018-18356 Use After Free vulnerability in multiple products
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian canonical redhat opensuse CWE-416
8.8
2018-12-11 CVE-2018-18355 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
network
low complexity
google redhat debian
4.3
2018-12-11 CVE-2018-18354 Improper Input Validation vulnerability in multiple products
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.
network
low complexity
google redhat debian CWE-20
8.8
2018-12-11 CVE-2018-18353 Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.
network
low complexity
google redhat debian
6.5