Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-09 | CVE-2018-16072 | Origin Validation Error vulnerability in Google Chrome A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 6.5 |
| 2019-01-09 | CVE-2018-16067 | Use After Free vulnerability in multiple products A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
| 2019-01-09 | CVE-2018-16066 | Use After Free vulnerability in multiple products A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
| 2018-12-17 | CVE-2017-18352 | Cross-site Scripting vulnerability in Google Rendertron 1.0.0 Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs. | 6.1 |
| 2018-12-17 | CVE-2018-20168 | Improper Input Validation vulnerability in Google Gvisor Google gVisor before 2018-08-22 reuses a pagetable in a different level with the paging-structure cache intact, which allows attackers to cause a denial of service ("physical address not valid" panic) via a crafted application. | 5.5 |
| 2018-12-11 | CVE-2018-18358 | Improper Input Validation vulnerability in multiple products Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file. | 5.7 |
| 2018-12-11 | CVE-2018-18357 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 4.3 |
| 2018-12-11 | CVE-2018-18355 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 4.3 |
| 2018-12-11 | CVE-2018-18353 | Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page. | 6.5 |
| 2018-12-11 | CVE-2018-18352 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page. | 6.5 |