Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2017-5089 | Improper Input Validation vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name. | 6.5 |
| 2017-10-27 | CVE-2017-5086 | Improper Input Validation vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 6.5 |
| 2017-10-27 | CVE-2017-5085 | Cross-site Scripting vulnerability in Google Chrome 58.0.3029 Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark. | 6.1 |
| 2017-10-27 | CVE-2017-5083 | Improper Input Validation vulnerability in multiple products Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. | 4.3 |
| 2017-10-27 | CVE-2017-5082 | Information Exposure vulnerability in Google Chrome Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page. | 5.5 |
| 2017-10-27 | CVE-2017-5079 | Improper Input Validation vulnerability in multiple products Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. | 4.3 |
| 2017-10-27 | CVE-2017-5076 | Improper Input Validation vulnerability in multiple products Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | 6.5 |
| 2017-10-27 | CVE-2017-5075 | Information Exposure vulnerability in multiple products Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page. | 4.3 |
| 2017-10-27 | CVE-2017-5072 | Improper Input Validation vulnerability in Google Chrome Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain spoofing with RTL characters via a crafted URL page. | 6.5 |
| 2017-10-27 | CVE-2017-5071 | Improper Input Validation vulnerability in multiple products Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 6.3 |