Lucene search

K

71 matches found

CVE
CVE
added 2017/10/27 5:29 a.m.999 views

CVE-2017-5070

Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.5AI score0.78305EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.110 views

CVE-2017-5110

Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

6.5CVSS6.1AI score0.01066EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.109 views

CVE-2017-5089

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.

6.5CVSS6.5AI score0.00709EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.109 views

CVE-2017-5094

Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page.

6.5CVSS6.4AI score0.00985EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.106 views

CVE-2017-5069

Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page.

6.1CVSS6.3AI score0.00522EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.106 views

CVE-2017-5088

Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

8.8CVSS8AI score0.00911EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.99 views

CVE-2017-5061

A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

5.3CVSS5.4AI score0.00465EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.96 views

CVE-2017-5062

A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension.

8.8CVSS8.3AI score0.00985EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.95 views

CVE-2017-5059

Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.

8.8CVSS8.2AI score0.02491EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.94 views

CVE-2017-5122

Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page.

8.8CVSS7.9AI score0.01484EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.93 views

CVE-2017-5056

A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.5AI score0.00911EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.93 views

CVE-2017-5093

Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.

6.5CVSS6.3AI score0.01156EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.92 views

CVE-2017-5071

Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.8CVSS6.3AI score0.00782EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.91 views

CVE-2017-5060

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5CVSS6.5AI score0.00688EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.91 views

CVE-2017-5116

Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.5AI score0.55771EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.91 views

CVE-2017-5119

Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

4.3CVSS4.9AI score0.00909EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.90 views

CVE-2017-5121

Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.

8.8CVSS8.6AI score0.03642EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.89 views

CVE-2017-5058

A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

8.8CVSS8.3AI score0.00985EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.89 views

CVE-2017-5107

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page.

5.3CVSS5.6AI score0.00586EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.88 views

CVE-2017-5053

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.

9.6CVSS8.8AI score0.01386EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.88 views

CVE-2017-5054

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.

8.8CVSS8AI score0.00543EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.88 views

CVE-2017-5079

Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.

4.3CVSS4.9AI score0.00709EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.88 views

CVE-2017-5092

Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

8.8CVSS8.2AI score0.01484EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.87 views

CVE-2017-5109

Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.

4.3CVSS5AI score0.01156EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.86 views

CVE-2017-5068

Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.

7.5CVSS7.1AI score0.00415EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.85 views

CVE-2017-5108

Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.

8.8CVSS7.8AI score0.00839EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.84 views

CVE-2017-5087

A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape.

8.8CVSS8.4AI score0.00911EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.83 views

CVE-2017-5083

Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.

4.3CVSS4.9AI score0.00709EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.82 views

CVE-2017-5055

A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

9.3CVSS8.5AI score0.00705EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.82 views

CVE-2017-5111

A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

8.8CVSS8.5AI score0.01484EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.81 views

CVE-2017-5117

Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.3AI score0.00765EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.80 views

CVE-2017-5112

Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.7AI score0.02731EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.79 views

CVE-2017-5076

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

6.5CVSS6.5AI score0.00709EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.78 views

CVE-2017-5095

Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.

8.8CVSS8.4AI score0.01587EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.78 views

CVE-2017-5101

Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

6.5CVSS6.2AI score0.01156EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.77 views

CVE-2017-5065

Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page.

4.7CVSS5.3AI score0.00709EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.77 views

CVE-2017-5115

Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8CVSS8.2AI score0.0281EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.76 views

CVE-2017-5075

Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page.

4.3CVSS4.9AI score0.00708EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.76 views

CVE-2017-5077

Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8AI score0.00911EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.76 views

CVE-2017-5113

Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01265EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.75 views

CVE-2017-5052

An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting.

8.8CVSS8.5AI score0.00543EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.75 views

CVE-2017-5091

A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.3AI score0.01098EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.75 views

CVE-2017-5100

A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.2AI score0.01098EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.74 views

CVE-2017-5063

A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS6.6AI score0.00911EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.74 views

CVE-2017-5066

Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page.

6.5CVSS6.4AI score0.00177EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.74 views

CVE-2017-5080

A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8CVSS8.2AI score0.00911EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.73 views

CVE-2017-5067

An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5CVSS6.2AI score0.00709EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.73 views

CVE-2017-5114

Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

8.8CVSS8.3AI score0.01484EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.72 views

CVE-2017-5057

Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

8.8CVSS8AI score0.00839EPSS
CVE
CVE
added 2017/10/27 5:29 a.m.72 views

CVE-2017-5078

Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incor...

8.8CVSS8.4AI score0.51468EPSS
Total number of security vulnerabilities71