Vulnerabilities > Google > Chrome

DATE CVE VULNERABILITY TITLE RISK
2018-12-11 CVE-2018-18347 Improper Input Validation vulnerability in multiple products
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.
network
low complexity
google redhat debian CWE-20
8.8
2018-12-11 CVE-2018-18346 Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.
network
low complexity
google redhat debian
6.5
2018-12-11 CVE-2018-18345 Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.
network
low complexity
google redhat debian
6.5
2018-12-11 CVE-2018-18344 Improper Privilege Management vulnerability in multiple products
Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.
network
low complexity
google debian redhat CWE-269
6.5
2018-12-11 CVE-2018-18343 Use After Free vulnerability in multiple products
Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
8.8
2018-12-11 CVE-2018-18342 Out-of-bounds Write vulnerability in multiple products
Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google redhat debian CWE-787
8.8
2018-12-11 CVE-2018-18341 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat debian CWE-190
8.8
2018-12-11 CVE-2018-18340 Use After Free vulnerability in multiple products
Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
8.8
2018-12-11 CVE-2018-18339 Use After Free vulnerability in multiple products
Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat debian CWE-416
8.8
2018-12-11 CVE-2018-18338 Out-of-bounds Write vulnerability in multiple products
Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google redhat debian CWE-787
8.8