1886 matches found
CVE-2018-6151
CVE-2018-6151 concerns a bad cast in Chrome DevTools that allowed an attacker, by convincing a user to install a crafted Chrome extension, to trigger an out-of-bounds memory read. Affected software: Google Chrome with DevTools prior to 66.0.3359.117. The issue is addressed in later Chrome release...
CVE-2018-16081
CVE-2018-16081 affects Chromium/Chrome where the chrome.debugger API could run on file:// URLs in DevTools, enabling a remote-style attacker who persuades a user to install a malicious extension to access local files without file access permission. The vulnerability stems from DevTools allowing l...
CVE-2018-6178
Removed by vendor...
CVE-2018-6140
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension...
CVE-2018-6178
Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension...
CVE-2018-6112
Removed by vendor...
CVE-2018-6151
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension...
CVE-2018-6139
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension...
CVE-2018-6139
CVE-2018-6139 affects Google Chrome/Chromium’s debugger extension API in DevTools, before 67.0.3396.62. An attacker convincing a user to install a malicious extension could bypass restrictions and execute arbitrary code. Public exploits exist. Remediation: upgrade to 67.0.3396.62 or newer. Affect...
CVE-2018-6139
Removed by vendor...
CVE-2018-6151
Removed by vendor...
CVE-2018-6178
CVE-2018-6178 is a UI spoofing vulnerability in Google Chrome/Chromium extensions. A crafted extension could elide or misrepresent UI in the DevTools/infobar flow, enabling a remote attacker to hide Chrome security UI. Affected product: Chromium/Chrome prior to 68.0.3440.75. Root cause: UI spoofi...
CVE-2018-18344
CVE-2018-18344 affects Google Chrome/Chromium before 71.0.3578.80 where the setDownloadBehavior devtools protocol feature in Extensions could be abused by a remote attacker who controls an installed extension to access local files. The issue is described as an inappropriate implementation in the ...
CVE-2018-18344
Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension...
Google Chrome DevTools Code Execution Vulnerability
Google Chrome is the United States Google Google company developed a Web browser. Devtools is one of the development and debugging tools. A security vulnerability exists in DevTools in versions of Google Chrome prior to 66.0.3359.106, which stems from the program's failure to adequately protect...
Google Chrome Security Bypass Vulnerability (CNVD-2019-01773)
Google Chrome is the United States Google Google company developed a Web browser. Devtools is one of the development and debugging tools. A security vulnerability exists in DevTools in versions of Google Chrome prior to 68.0.3440.75, which stems from an implementation of the Page.downloadBehavior...
CVE-2018-6101
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server...
CVE-2018-6101
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server...
UBUNTU-CVE-2018-6101
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server...
Design/Logic Flaw
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server...