Vulnerabilities > Redhat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2017-5107 | Information Exposure Through Discrepancy vulnerability in multiple products A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page. | 5.3 |
| 2017-10-27 | CVE-2017-5106 | Improper Input Validation vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 6.5 |
| 2017-10-27 | CVE-2017-5105 | Improper Input Validation vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 6.5 |
| 2017-10-27 | CVE-2017-5104 | Improper Input Validation vulnerability in multiple products Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page. | 6.5 |
| 2017-10-27 | CVE-2017-5103 | Use of Uninitialized Resource vulnerability in multiple products Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 4.3 |
| 2017-10-27 | CVE-2017-5102 | Use of Uninitialized Resource vulnerability in multiple products Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 4.3 |
| 2017-10-27 | CVE-2017-5101 | Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. | 6.5 |
| 2017-10-27 | CVE-2017-5094 | Type Confusion vulnerability in multiple products Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page. | 6.5 |
| 2017-10-27 | CVE-2017-5093 | Improper Input Validation vulnerability in multiple products Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. | 6.5 |
| 2017-10-27 | CVE-2017-5089 | Improper Input Validation vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name. | 6.5 |