Vulnerabilities > Google > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-02 | CVE-2018-9502 | Out-of-bounds Read vulnerability in Google Android In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. | 6.5 |
| 2018-10-02 | CVE-2018-9499 | Use of Uninitialized Resource vulnerability in Google Android In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. | 5.5 |
| 2018-10-02 | CVE-2018-9493 | SQL Injection vulnerability in Google Android In the content provider of the download manager, there is a possible SQL injection due to improper input validation. | 5.5 |
| 2018-10-02 | CVE-2018-9452 | Improper Input Validation vulnerability in Google Android In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. | 5.5 |
| 2018-09-25 | CVE-2018-6119 | Improper Input Validation vulnerability in Google Chrome Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
| 2018-09-25 | CVE-2018-6052 | Information Exposure vulnerability in multiple products Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. | 4.3 |
| 2018-09-25 | CVE-2018-6051 | Cross-site Scripting vulnerability in multiple products XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page. | 4.3 |
| 2018-09-25 | CVE-2018-6050 | Improper Input Validation vulnerability in multiple products Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
| 2018-09-25 | CVE-2018-6049 | Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. | 6.5 |
| 2018-09-25 | CVE-2018-6048 | Improper Input Validation vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. | 4.3 |