CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

CNNVD•added 2026/06/02 12:0 a.m.•3 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability caused by improper handling of the Paint API. This vulnerability could allow remote attackers to exploit the system by leaking cross-source data through...

6.5CVSS5.4AI score0.00176EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-17900

Malware in sbrugna...

6.5CVSS7.9AI score0.01902EPSS

Exploits0References9

Tenable Nessus•added 2025/08/18 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2018-6137

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross- origin data via a crafted HTML page. CVE-2018-6137 Note...

6.5CVSS7.4AI score0.01902EPSS

Exploits0References2

SUSE CVE•added 2023/02/15 4:30 a.m.•2 views

SUSE CVE-2018-6137

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS8.5AI score0.01902EPSS

Exploits0References7

Jake Archibald's Blog•added 2020/12/11 1:0 a.m.•19 views

CSS paint API: Being predictably random

Take a look at this: Space invaders If you're using a browser that supports the CSS paint API, the element will have a 'random' pixel-art gradient in the background. But it turns out, doing random in CSS isn't as easy as it seems… Initial implementation This isn't a full tutorial on the CSS paint...

6.8AI score

Exploits0

BDU FSTEC•added 2019/12/09 12:0 a.m.•2 views

The vulnerability in the implementation of the API technology used by CSS Paint in the Google Chrome browser allows attackers to disclose protected information.

The vulnerability of the API implementation in Google Chrome’s CSS Paint technology lies in the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information through a specially created HTML page...

7.1CVSS7AI score0.01902EPSS

Exploits0References6Affected Software2

OSV•added 2019/01/09 7:29 p.m.•2 views

CVE-2018-6137

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS5.8AI score

Exploits0References6

NVD•added 2019/01/09 7:29 p.m.•15 views

CVE-2018-6137

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS5.8AI score0.01902EPSS

Exploits0References6

Prion•added 2019/01/09 7:29 p.m.•23 views

Design/Logic Flaw

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

4.3CVSS6.5AI score0.01902EPSS

Exploits0References6Affected Software5

OSV•added 2019/01/09 7:29 p.m.•1 views

UBUNTU-CVE-2018-6137

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7.3AI score0.01902EPSS

Exploits0References3

Cvelist•added 2019/01/09 7:0 p.m.•26 views

CVE-2018-6137

CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

5.7AI score0.01902EPSS

Exploits0References6

CVE•added 2019/01/09 7:0 p.m.•141 views

CVE-2018-6137

CVE-2018-6137 is a Blink information-leak vulnerability in Google Chrome, present in Blink-based builds prior to 67.0.3396.62. A crafted HTML page could allow a remote attacker to disclose cross-origin data. Connected CNVD-2018-11487 describes the Chrome/Blink impact and mode of disclosure. Publi...

6.5CVSS5.6AI score0.01902EPSS

Exploits0References6Affected Software1