Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 12 SP2 package chromium, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (200)
CVE-2017-11215 — CVSS 9.8 (critical): An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free…
CVE-2017-15398 — CVSS 9.8 (critical): A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code…
CVE-2017-11225 — CVSS 9.8 (critical): An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free…
CVE-2017-5053 — CVSS 9.6 (critical): An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a…
CVE-2019-5759 — CVSS 9.6 (critical): Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to…
CVE-2018-17462 — CVSS 9.6 (critical): Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a…
CVE-2018-17472 — CVSS 9.6 (critical): Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to…
CVE-2018-18343 — CVSS 8.8 (high): Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to…
CVE-2017-15399 — CVSS 8.8 (high): A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2017-5121 — CVSS 8.8 (high): Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker…
CVE-2017-5122 — CVSS 8.8 (high): Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger…
CVE-2018-18342 — CVSS 8.8 (high): Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in…
CVE-2017-5125 — CVSS 8.8 (high): Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2017-5126 — CVSS 8.8 (high): A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2017-5127 — CVSS 8.8 (high): Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2017-5128 — CVSS 8.8 (high): Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2017-5129 — CVSS 8.8 (high): A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory…
CVE-2017-5130 — CVSS 8.8 (high): An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a…
CVE-2017-5131 — CVSS 8.8 (high): An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2017-5132 — CVSS 8.8 (high): Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption…
CVE-2017-5133 — CVSS 8.8 (high): Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly…
CVE-2017-7000 — CVSS 8.8 (high): An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the…
CVE-2018-18341 — CVSS 8.8 (high): An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to…
CVE-2018-17465 — CVSS 8.8 (high): Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit…
CVE-2018-17466 — CVSS 8.8 (high): Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory…
CVE-2018-18340 — CVSS 8.8 (high): Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap…
CVE-2017-15408 — CVSS 8.8 (high): Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via…
CVE-2018-17469 — CVSS 8.8 (high): Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of…
CVE-2018-18339 — CVSS 8.8 (high): Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap…
CVE-2018-18338 — CVSS 8.8 (high): Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit…
CVE-2018-17474 — CVSS 8.8 (high): Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit…
CVE-2018-18337 — CVSS 8.8 (high): Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to…
CVE-2018-18336 — CVSS 8.8 (high): Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap…
CVE-2018-18335 — CVSS 8.8 (high): Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2018-17478 — CVSS 8.8 (high): Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object…
CVE-2018-17481 — CVSS 8.8 (high): Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap…
CVE-2017-15409 — CVSS 8.8 (high): Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2017-15410 — CVSS 8.8 (high): Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2017-15411 — CVSS 8.8 (high): Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2017-15412 — CVSS 8.8 (high): Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to…
CVE-2017-15413 — CVSS 8.8 (high): Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption…
CVE-2019-5782 — CVSS 8.8 (high): Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside…
CVE-2016-5206 — CVSS 8.8 (high): The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed…
CVE-2019-5758 — CVSS 8.8 (high): Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap…
CVE-2019-5757 — CVSS 8.8 (high): An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object…
CVE-2019-5769 — CVSS 8.8 (high): Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote…
CVE-2019-5764 — CVSS 8.8 (high): Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap…
CVE-2019-5756 — CVSS 8.8 (high): Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute…
CVE-2019-5774 — CVSS 8.8 (high): Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed…
CVE-2016-5209 — CVSS 8.8 (high): Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android…
CVE-2019-5763 — CVSS 8.8 (high): Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap…
CVE-2018-6406 — CVSS 8.8 (high): The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data…
CVE-2018-6122 — CVSS 8.8 (high): Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via…
CVE-2018-6121 — CVSS 8.8 (high): Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation…
CVE-2018-6120 — CVSS 8.8 (high): An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170…
CVE-2017-5009 — CVSS 8.8 (high): WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds…
CVE-2018-6118 — CVSS 8.8 (high): A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a…
CVE-2019-5762 — CVSS 8.8 (high): Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute…
CVE-2017-5012 — CVSS 8.8 (high): A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a…
CVE-2019-5761 — CVSS 8.8 (high): Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially…
CVE-2018-6111 — CVSS 8.8 (high): An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute…
CVE-2019-5760 — CVSS 8.8 (high): Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit…
CVE-2016-9651 — CVSS 8.8 (high): A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to…
CVE-2018-6106 — CVSS 8.8 (high): An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to…
CVE-2018-6094 — CVSS 8.8 (high): Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap…
CVE-2018-6092 — CVSS 8.8 (high): An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary…
CVE-2018-6090 — CVSS 8.8 (high): An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to…
CVE-2018-6088 — CVSS 8.8 (high): An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a…
CVE-2018-6087 — CVSS 8.8 (high): A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a…
CVE-2018-6086 — CVSS 8.8 (high): A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to…
CVE-2018-6085 — CVSS 8.8 (high): Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary…
CVE-2018-6083 — CVSS 8.8 (high): Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote…
CVE-2017-5029 — CVSS 8.8 (high): The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows…
CVE-2017-5031 — CVSS 8.8 (high): A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory…
CVE-2017-5032 — CVSS 8.8 (high): PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote…
CVE-2018-6074 — CVSS 8.8 (high): Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls…
CVE-2017-5034 — CVSS 8.8 (high): A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of…
CVE-2018-18354 — CVSS 8.8 (high): Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote…
CVE-2017-5111 — CVSS 8.8 (high): A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially…
CVE-2017-5112 — CVSS 8.8 (high): Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside…
CVE-2017-5113 — CVSS 8.8 (high): Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote…
CVE-2017-5114 — CVSS 8.8 (high): Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for…
CVE-2017-5115 — CVSS 8.8 (high): Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption…
CVE-2017-5116 — CVSS 8.8 (high): Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote…
CVE-2018-18347 — CVSS 8.8 (high): Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker…
CVE-2017-5095 — CVSS 8.8 (high): Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially…
CVE-2018-6031 — CVSS 8.8 (high): Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2017-5097 — CVSS 8.8 (high): Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an…
CVE-2017-5098 — CVSS 8.8 (high): A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an…
CVE-2017-5099 — CVSS 8.8 (high): Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to…
CVE-2017-5100 — CVSS 8.8 (high): A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory…
CVE-2018-18359 — CVSS 8.8 (high): Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds…
CVE-2017-15393 — CVSS 8.8 (high): Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain…
CVE-2019-5772 — CVSS 8.8 (high): Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to…
CVE-2019-5771 — CVSS 8.8 (high): An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code…
CVE-2018-18356 — CVSS 8.8 (high): An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to…
CVE-2017-5108 — CVSS 8.8 (high): Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to…
CVE-2019-5770 — CVSS 8.8 (high): Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory…
CVE-2018-6073 — CVSS 8.8 (high): A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write…
CVE-2018-6072 — CVSS 8.8 (high): An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially…
CVE-2018-6071 — CVSS 8.8 (high): An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a…
CVE-2018-6067 — CVSS 8.8 (high): Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap…
CVE-2017-5043 — CVSS 8.8 (high): Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a…
CVE-2018-6064 — CVSS 8.8 (high): Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to…
CVE-2018-6063 — CVSS 8.8 (high): Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised…
CVE-2017-5052 — CVSS 8.8 (high): An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and…
CVE-2017-5054 — CVSS 8.8 (high): An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a…
CVE-2017-5055 — CVSS 8.8 (high): A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of…
CVE-2017-5056 — CVSS 8.8 (high): A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a…
CVE-2017-5057 — CVSS 8.8 (high): Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote…
CVE-2017-5058 — CVSS 8.8 (high): A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of…
CVE-2017-5059 — CVSS 8.8 (high): Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote…
CVE-2018-6062 — CVSS 8.8 (high): Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via…
CVE-2017-5062 — CVSS 8.8 (high): A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a…
CVE-2017-5063 — CVSS 8.8 (high): A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a…
CVE-2017-5064 — CVSS 8.8 (high): Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially…
CVE-2018-6060 — CVSS 8.8 (high): Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2018-6057 — CVSS 8.8 (high): Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer…
CVE-2016-5210 — CVSS 8.8 (high): Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and…
CVE-2017-5073 — CVSS 8.8 (high): Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android…
CVE-2018-6056 — CVSS 8.8 (high): Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute…
CVE-2017-15387 — CVSS 8.8 (high): Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open…
CVE-2017-5077 — CVSS 8.8 (high): Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for…
CVE-2017-5078 — CVSS 8.8 (high): Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac…
CVE-2018-6054 — CVSS 8.8 (high): Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2017-5080 — CVSS 8.8 (high): A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform…
CVE-2018-6043 — CVSS 8.8 (high): Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially…
CVE-2018-6035 — CVSS 8.8 (high): Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user…
CVE-2018-6033 — CVSS 8.8 (high): Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary…
CVE-2017-15388 — CVSS 8.8 (high): Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds…
CVE-2017-5087 — CVSS 8.8 (high): A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a…
CVE-2017-5088 — CVSS 8.8 (high): Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for…
CVE-2016-5211 — CVSS 8.8 (high): A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote…
CVE-2017-5091 — CVSS 8.8 (high): A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to…
CVE-2017-5092 — CVSS 8.8 (high): Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to…
CVE-2016-5203 — CVSS 8.8 (high): A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote…
CVE-2016-5213 — CVSS 8.8 (high): A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote…
CVE-2017-5035 — CVSS 8.1 (high): Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate…
CVE-2019-5755 — CVSS 8.1 (high): Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write…
CVE-2018-6034 — CVSS 8.1 (high): Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory…
CVE-2017-5074 — CVSS 8.0 (high): A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 for Windows allowed a remote attacker to perform an out of bounds…
CVE-2017-5039 — CVSS 7.8 (high): A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a…
CVE-2017-5036 — CVSS 7.8 (high): A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a…
CVE-2017-5037 — CVSS 7.8 (high): An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a…
CVE-2019-5780 — CVSS 7.8 (high): Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to…
CVE-2018-5179 — CVSS 7.5 (high): A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by…
CVE-2018-6061 — CVSS 7.5 (high): A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to…
CVE-2017-5068 — CVSS 7.5 (high): Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to…
CVE-2018-6101 — CVSS 7.5 (high): A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a…
CVE-2018-17470 — CVSS 7.4 (high): A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to…
CVE-2016-5212 — CVSS 6.5 (medium): Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which…
CVE-2016-5217 — CVSS 6.5 (medium): The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted…
CVE-2016-5218 — CVSS 6.5 (medium): The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled…
CVE-2016-5220 — CVSS 6.5 (medium): PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation…
CVE-2016-5222 — CVSS 6.5 (medium): Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed…
CVE-2016-5223 — CVSS 6.5 (medium): Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote…
CVE-2017-15386 — CVSS 6.5 (medium): Incorrect implementation in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox…
CVE-2017-15389 — CVSS 6.5 (medium): An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the…
CVE-2017-15390 — CVSS 6.5 (medium): Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via…
CVE-2017-15391 — CVSS 6.5 (medium): Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages…
CVE-2017-15394 — CVSS 6.5 (medium): Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing…
CVE-2017-15395 — CVSS 6.5 (medium): A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2017-15396 — CVSS 6.5 (medium): A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google…
CVE-2017-15415 — CVSS 6.5 (medium): Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a…
CVE-2017-15416 — CVSS 6.5 (medium): Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption…
CVE-2017-15419 — CVSS 6.5 (medium): Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing…
CVE-2017-15420 — CVSS 6.5 (medium): Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to…
CVE-2017-15422 — CVSS 6.5 (medium): Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in…
CVE-2017-15424 — CVSS 6.5 (medium): Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via…
CVE-2017-15425 — CVSS 6.5 (medium): Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via…
CVE-2017-15426 — CVSS 6.5 (medium): Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via…
CVE-2017-5011 — CVSS 6.5 (medium): Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a…
CVE-2017-5013 — CVSS 6.5 (medium): Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote…
CVE-2017-5015 — CVSS 6.5 (medium): Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which…
CVE-2017-5016 — CVSS 6.5 (medium): Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI…
CVE-2017-5060 — CVSS 6.5 (medium): Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for…
CVE-2017-5066 — CVSS 6.5 (medium): Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and…
CVE-2017-5067 — CVSS 6.5 (medium): An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker…
CVE-2017-5072 — CVSS 6.5 (medium): Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain…
CVE-2017-5076 — CVSS 6.5 (medium): Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for…
CVE-2017-5086 — CVSS 6.5 (medium): Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform…
CVE-2017-5089 — CVSS 6.5 (medium): Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain…
CVE-2017-5093 — CVSS 6.5 (medium): Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android…
CVE-2017-5094 — CVSS 6.5 (medium): Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a…
CVE-2017-5101 — CVSS 6.5 (medium): Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to…
CVE-2017-5104 — CVSS 6.5 (medium): Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the…
CVE-2017-5105 — CVSS 6.5 (medium): Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote…
CVE-2017-5106 — CVSS 6.5 (medium): Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote…
CVE-2017-5110 — CVSS 6.5 (medium): Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for…
CVE-2017-5117 — CVSS 6.5 (medium): Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain…
CVE-2017-5120 — CVSS 6.5 (medium): Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and…
CVE-2018-17468 — CVSS 6.5 (medium): Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to…
CVE-2018-18344 — CVSS 6.5 (medium): Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a…