Vulnerabilities > Google > Chrome

DATE CVE VULNERABILITY TITLE RISK
2017-10-27 CVE-2017-5101 Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.
network
low complexity
google debian redhat
6.5
2017-10-27 CVE-2017-5100 Use After Free vulnerability in multiple products
A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian redhat CWE-416
8.8
2017-10-27 CVE-2017-5099 Improper Input Validation vulnerability in multiple products
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page.
network
low complexity
google debian CWE-20
8.8
2017-10-27 CVE-2017-5098 Use After Free vulnerability in multiple products
A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian redhat CWE-416
8.8
2017-10-27 CVE-2017-5097 Improper Input Validation vulnerability in multiple products
Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
network
low complexity
google debian CWE-20
8.8
2017-10-27 CVE-2017-5096 Information Exposure vulnerability in Google Chrome
Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents.
network
low complexity
google CWE-200
4.3
2017-10-27 CVE-2017-5095 Out-of-bounds Write vulnerability in multiple products
Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.
network
low complexity
google debian redhat CWE-787
8.8
2017-10-27 CVE-2017-5094 Type Confusion vulnerability in multiple products
Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page.
network
low complexity
debian google redhat CWE-843
6.5
2017-10-27 CVE-2017-5093 Improper Input Validation vulnerability in multiple products
Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
6.5
2017-10-27 CVE-2017-5092 Improper Input Validation vulnerability in multiple products
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian CWE-20
8.8