Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-04 | CVE-2018-6103 | A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page. | 6.5 |
| 2018-12-04 | CVE-2018-6102 | Improper Input Validation vulnerability in multiple products Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | 4.3 |
| 2018-12-04 | CVE-2018-6099 | Information Exposure vulnerability in multiple products A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. | 6.5 |
| 2018-12-04 | CVE-2018-6098 | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 6.5 |
| 2018-12-04 | CVE-2018-6095 | Information Exposure vulnerability in multiple products Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page. | 6.5 |
| 2018-12-04 | CVE-2018-6089 | Improper Input Validation vulnerability in multiple products A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. | 6.5 |
| 2018-11-27 | CVE-2018-11946 | Unspecified vulnerability in Google Android In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, the UPnP daemon should not be running out of box because it enables port forwarding without authentication. low complexity google | 6.5 |
| 2018-11-20 | CVE-2018-19335 | Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail 20180404/20180504 Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports. | 5.3 |
| 2018-11-20 | CVE-2018-19334 | Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail 20180404 Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports. | 5.3 |
| 2018-11-20 | CVE-2018-10099 | Cross-Site Request Forgery (CSRF) vulnerability in Google Monorail Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports. | 5.3 |