20 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-6094
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...
Linux Distros Unpatched Vulnerability : CVE-2018-6151
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious...
Google Chrome DevTools Memory Misreference Vulnerability
Google Chrome is the United States Google Google company developed a Web browser. Devtools is one of the development and debugging tools. A memory misreference vulnerability exists in DevTools in versions of Google Chrome prior to 66.0.3359.117. A local attacker can exploit this vulnerability to...
Google Chrome Downloads Command Execution Vulnerability
Google Chrome is a web browser developed by Google.Downloads is one of the download components. A security vulnerability exists in Downloads in versions of Google Chrome prior to 66.0.3359.117, which originates when the program parses documents into HTML files. A remote attacker could exploit thi...
Design/Logic Flaw
readAsText can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page...
UBUNTU-CVE-2018-6114
Incorrect enforcement of CSP for tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page...
CVE-2018-6094
Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2018-6103
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page...
Design/Logic Flaw
Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted domain name...
chromium-browser: Incorrect handling of plug-ins by Service Worker
Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
chromium-browser: Insufficient protection of remote debugging prototol in DevTools
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server...
chromium-browser: Use after free in WebAssembly
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
chromium-browser: Heap-use-after-free in DevTools
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page...
Critical: Red Hat Security Advisory: chromium-browser security update
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
chromium-browser: URL spoof in Navigation
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
chromium-browser: Incorrect handling of files by FileAPI
readAsText can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page...
Security update for chromium (important)
This update for Chromium to version 66.0.3359.117 fixes the following issues: Security issues fixed boo1090000: - CVE-2018-6085: Use after free in Disk Cache - CVE-2018-6086: Use after free in Disk Cache - CVE-2018-6087: Use after free in WebAssembly - CVE-2018-6088: Use after free in PDFium -...
openSUSE: Security Advisory for chromium (openSUSE-SU-2018:1042-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Google Releases Security Update for Chrome
Google has released Chrome version 66.0.3359.117 for Windows, Mac, and Linux. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary...
Google Chrome Security Updates (stable-channel-update-for-desktop-2018-04) - Mac OS X
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...