Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-09 | CVE-2018-16083 | Out-of-bounds Read vulnerability in multiple products An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 8.8 |
| 2019-01-09 | CVE-2018-16081 | Missing Authorization vulnerability in multiple products Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension. | 7.4 |
| 2019-01-09 | CVE-2018-16076 | Out-of-bounds Read vulnerability in multiple products Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | 8.8 |
| 2019-01-09 | CVE-2018-16071 | Use After Free vulnerability in multiple products A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | 8.8 |
| 2019-01-09 | CVE-2018-16065 | Use After Free vulnerability in multiple products A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2019-01-09 | CVE-2017-15428 | Out-of-bounds Write vulnerability in Google Chrome Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2019-01-09 | CVE-2017-15405 | Race Condition vulnerability in Google Chrome Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page. | 7.0 |
| 2019-01-09 | CVE-2017-15404 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Chrome An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page. | 7.8 |
| 2019-01-09 | CVE-2017-15403 | Command Injection vulnerability in Google Chrome Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page. | 7.3 |
| 2019-01-09 | CVE-2017-15401 | Out-of-bounds Write vulnerability in Google Chrome A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |