Vulnerabilities > Google > Chrome

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2017-15405 Race Condition vulnerability in Google Chrome
Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.
local
high complexity
google CWE-362
7.0
2019-01-09 CVE-2017-15404 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Chrome
An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page.
local
low complexity
google CWE-367
7.8
2019-01-09 CVE-2017-15403 Command Injection vulnerability in Google Chrome
Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.
local
low complexity
google CWE-77
7.3
2019-01-09 CVE-2017-15402 Improper Input Validation vulnerability in Google Chrome
Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google CWE-20
critical
9.6
2019-01-09 CVE-2017-15401 Out-of-bounds Write vulnerability in Google Chrome
A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google CWE-787
8.8
2019-01-09 CVE-2016-9651 Code Injection vulnerability in multiple products
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google redhat CWE-94
8.8
2019-01-09 CVE-2016-10403 Out-of-bounds Read vulnerability in Google Chrome
Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
network
low complexity
google CWE-125
8.8
2018-12-21 CVE-2018-20346 Integer Overflow or Wraparound vulnerability in multiple products
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
network
high complexity
sqlite google redhat debian opensuse CWE-190
8.1
2018-12-11 CVE-2018-18359 Out-of-bounds Read vulnerability in multiple products
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google redhat debian CWE-125
8.8
2018-12-11 CVE-2018-18358 Improper Input Validation vulnerability in multiple products
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
low complexity
google debian redhat CWE-20
5.7