Vulnerabilities > Google > Chrome > 71.0.3540.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-19 | CVE-2019-5754 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy. | 6.5 |
| 2019-01-09 | CVE-2018-20070 | Improper Input Validation vulnerability in Google Chrome Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 6.5 |
| 2019-01-09 | CVE-2018-20069 | Unspecified vulnerability in Google Chrome Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. | 4.3 |
| 2019-01-09 | CVE-2018-20068 | Improper Input Validation vulnerability in Google Chrome Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. | 4.3 |
| 2019-01-09 | CVE-2018-20067 | Unspecified vulnerability in Google Chrome A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. | 4.3 |
| 2019-01-09 | CVE-2018-20066 | Use After Free vulnerability in Google Chrome Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2019-01-09 | CVE-2018-20065 | Improper Input Validation vulnerability in Google Chrome Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file. | 8.8 |
| 2018-12-21 | CVE-2018-20346 | Integer Overflow or Wraparound vulnerability in multiple products SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. | 8.1 |
| 2018-12-11 | CVE-2018-18359 | Out-of-bounds Read vulnerability in multiple products Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
| 2018-12-11 | CVE-2018-18358 | Improper Input Validation vulnerability in multiple products Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file. | 5.7 |