CVE-2018-6046

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension...

CVE-2018-6039

CVE-2018-6039 describes an issue in Google Chrome’s DevTools where insufficient data validation could allow a remote attacker to leak user cross-origin data via a crafted Chrome Extension. Affected software: Google Chrome with DevTools. Root cause: inadequate input validation in DevTools leading ...

CVE-2018-6045

CVE-2018-6045 affects Google Chrome (DevTools) and is caused by Insufficient policy enforcement in DevTools from extensions, allowing a remote attacker to potentially leak user local file data via a crafted Chrome extension. The vulnerability is tied to Chrome versions prior to 64.0.3282.119. Pub...

CVE-2018-6039

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension...

CVE-2018-6045

Removed by vendor...

CVE-2018-6039

Removed by vendor...

CVE-2018-6046

Removed by vendor...

CVE-2018-6035

Removed by vendor...

chromium-browser: Local file access in DevTools

Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension...

Google Chrome DevTools Information Disclosure Vulnerability

Google Chrome is the United States Google Google company developed a Web browser. Devtools is one of the development and debugging tools. An information disclosure vulnerability exists in DevTools in versions of Google Chrome prior to 69.0.3497.81. A remote attacker can exploit the vulnerability ...

chromium-browser: UI spoof in Extensions

Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension...

chromium-browser: Local file write in DevTools

The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted...

CVE-2018-6178

Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension...

CVE-2018-6151

Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension...

chromium-browser: Restrictions bypass in the debugger extension API

Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension...

FreeBSD : chromium -- vulnerability (36ff7a74-47b1-11e8-a7d6-54e1ad544088)

Google Chrome Releases reports : 62 security fixes in this release : - 826626 Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28 - 827492 Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30 - 813876 High...

chromium-browser: Heap-use-after-free in DevTools

An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page...

chromium-browser: Incorrect URL handling in DevTools

Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

chromium-browser: Insufficient protection of remote debugging prototol in DevTools

A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server...

CVE-2018-6101

A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server...