Vulnerabilities > Redhat > Enterprise Linux Workstation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2017-5118 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | 4.3 |
| 2017-10-27 | CVE-2017-5116 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5114 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. | 8.8 |
| 2017-10-27 | CVE-2017-5113 | Out-of-bounds Write vulnerability in multiple products Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2017-10-27 | CVE-2017-5111 | Use After Free vulnerability in multiple products A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. | 8.8 |
| 2017-10-27 | CVE-2017-5110 | Improper Input Validation vulnerability in multiple products Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. | 6.5 |
| 2017-10-27 | CVE-2017-5109 | Improper Input Validation vulnerability in multiple products Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. | 4.3 |
| 2017-10-27 | CVE-2017-5108 | Type Confusion vulnerability in multiple products Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file. | 8.8 |
| 2017-10-27 | CVE-2017-5107 | Information Exposure Through Discrepancy vulnerability in multiple products A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page. | 5.3 |
| 2017-10-27 | CVE-2017-5106 | Improper Input Validation vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 6.5 |