Vulnerabilities > Google > Chrome > 9.0.570.1

DATE CVE VULNERABILITY TITLE RISK
2018-02-07 CVE-2017-15393 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.
network
low complexity
google debian CWE-668
8.8
2018-02-07 CVE-2017-15392 Improper Input Validation vulnerability in multiple products
Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.
network
low complexity
google debian CWE-20
4.3
2018-02-07 CVE-2017-15391 Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.
network
low complexity
google debian
6.5
2018-02-07 CVE-2017-15390 Improper Input Validation vulnerability in multiple products
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
network
low complexity
google debian CWE-20
6.5
2018-02-07 CVE-2017-15389 Improper Input Validation vulnerability in multiple products
An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google debian CWE-20
6.5
2018-02-07 CVE-2017-15388 Out-of-bounds Read vulnerability in multiple products
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian CWE-125
8.8
2018-02-07 CVE-2017-15387 Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.
network
low complexity
google debian
8.8
2018-02-07 CVE-2017-15386 Improper Input Validation vulnerability in multiple products
Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google debian CWE-20
6.5
2018-01-09 CVE-2015-1290 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
network
low complexity
google qt opensuse CWE-119
8.8
2018-01-03 CVE-2017-1000460 NULL Pointer Dereference vulnerability in multiple products
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
network
low complexity
libav ffmpeg google CWE-476
6.5