Vulnerabilities > Google > Chrome

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2018-6151 Out-of-bounds Read vulnerability in multiple products
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.
network
low complexity
google debian redhat CWE-125
8.8
2019-01-09 CVE-2018-6147 Information Exposure vulnerability in multiple products
Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.
local
low complexity
google debian redhat CWE-200
5.5
2019-01-09 CVE-2018-6144 Out-of-bounds Write vulnerability in multiple products
Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.
network
low complexity
google debian redhat CWE-787
8.8
2019-01-09 CVE-2018-6143 Out-of-bounds Read vulnerability in multiple products
Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian redhat CWE-125
6.5
2019-01-09 CVE-2018-6141 Out-of-bounds Read vulnerability in multiple products
Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian redhat CWE-125
8.8
2019-01-09 CVE-2018-6140 Improper Input Validation vulnerability in multiple products
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
network
low complexity
google debian redhat CWE-20
8.8
2019-01-09 CVE-2018-6139 Improper Input Validation vulnerability in multiple products
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
network
low complexity
google debian redhat CWE-20
8.8
2019-01-09 CVE-2018-6137 Information Exposure vulnerability in multiple products
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian redhat CWE-200
6.5
2019-01-09 CVE-2018-6135 Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google debian redhat
6.5
2019-01-09 CVE-2018-6133 Data Processing Errors vulnerability in multiple products
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
google debian redhat CWE-19
6.5