Vulnerabilities > Google > Chrome > 60.0.3112.78
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-07 | CVE-2017-15387 | Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page. | 8.8 |
| 2018-02-07 | CVE-2017-15386 | Improper Input Validation vulnerability in multiple products Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
| 2017-10-27 | CVE-2017-5122 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5121 | Improper Input Validation vulnerability in multiple products Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. | 8.8 |
| 2017-10-27 | CVE-2017-5120 | Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. | 6.5 |
| 2017-10-27 | CVE-2017-5119 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 4.3 |
| 2017-10-27 | CVE-2017-5118 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | 4.3 |
| 2017-10-27 | CVE-2017-5117 | Information Exposure vulnerability in multiple products Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2017-10-27 | CVE-2017-5116 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5115 | Incorrect Type Conversion or Cast vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | 8.8 |