Vulnerabilities > Redhat > Enterprise Linux Desktop > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-01-09 CVE-2018-6096 Improper Input Validation vulnerability in multiple products
A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
6.5
2019-01-09 CVE-2018-6093 Information Exposure vulnerability in multiple products
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian redhat CWE-200
6.5
2019-01-09 CVE-2018-6091 Data Processing Errors vulnerability in multiple products
Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian redhat CWE-19
6.5
2019-01-09 CVE-2018-17459 Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google redhat
6.5
2019-01-09 CVE-2018-16088 Improper Input Validation vulnerability in multiple products
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.
network
low complexity
google redhat CWE-20
6.5
2019-01-09 CVE-2018-16084 Cross-site Scripting vulnerability in multiple products
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.
network
low complexity
google redhat CWE-79
6.1
2019-01-09 CVE-2018-16082 Out-of-bounds Read vulnerability in multiple products
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
network
low complexity
google redhat CWE-125
6.5
2019-01-09 CVE-2018-16079 Race Condition vulnerability in multiple products
A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
high complexity
google redhat CWE-362
5.3
2019-01-09 CVE-2018-16078 Information Exposure vulnerability in multiple products
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google redhat CWE-200
6.5
2019-01-09 CVE-2018-16067 Use After Free vulnerability in multiple products
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian redhat CWE-416
6.5