Vulnerabilities > Google > Chrome > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-11 CVE-2018-18346 Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.
network
low complexity
google redhat debian
6.5
6.5
2018-12-11 CVE-2018-18345 Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page.
network
low complexity
google redhat debian
6.5
6.5
2018-12-11 CVE-2018-18344 Improper Privilege Management vulnerability in multiple products
Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.
network
low complexity
google debian redhat CWE-269
6.5
6.5
2018-12-04 CVE-2018-6116 NULL Pointer Dereference vulnerability in multiple products
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
network
low complexity
google redhat debian CWE-476
6.5
6.5
2018-12-04 CVE-2018-6115 Improper Input Validation vulnerability in Google Chrome
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.
network
low complexity
google CWE-20
6.5
6.5
2018-12-04 CVE-2018-6108 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.
network
low complexity
redhat debian google
6.5
6.5
2018-12-04 CVE-2018-6107 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
redhat debian google
6.5
6.5
2018-12-04 CVE-2018-6105 Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
redhat debian google
6.5
6.5
2018-12-04 CVE-2018-6104 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
network
low complexity
redhat debian google
6.5
6.5
2018-12-04 CVE-2018-6103 A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.
network
low complexity
redhat debian google
6.5
6.5