National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:google:chrome:23.0.1271.2
There are 1,194 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-2017-15403

Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.

Published: January 09, 2019; 02:29:00 PM -05:00
V3.0: 7.3 HIGH
    V2: 4.4 MEDIUM
CVE-2017-15402

Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Published: January 09, 2019; 02:29:00 PM -05:00
V3.0: 9.6 CRITICAL
    V2: 6.8 MEDIUM
CVE-2017-15401

A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Published: January 09, 2019; 02:29:00 PM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-9651

A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Published: January 09, 2019; 02:29:00 PM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-10403

Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

Published: January 09, 2019; 02:29:00 PM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-20346

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Published: December 21, 2018; 04:29:00 PM -05:00
V3.0: 8.1 HIGH
    V2: 6.8 MEDIUM
CVE-2018-18359

Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Published: December 11, 2018; 11:29:02 AM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-18358

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.

Published: December 11, 2018; 11:29:02 AM -05:00
V3.0: 5.7 MEDIUM
    V2: 2.9 LOW
CVE-2018-18357

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Published: December 11, 2018; 11:29:02 AM -05:00
V3.0: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-18356

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: December 11, 2018; 11:29:01 AM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-18355

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Published: December 11, 2018; 11:29:01 AM -05:00
V3.0: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-18354

Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.

Published: December 11, 2018; 11:29:01 AM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-18353

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.

Published: December 11, 2018; 11:29:01 AM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-18352

Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.

Published: December 11, 2018; 11:29:01 AM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-18351

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.

Published: December 11, 2018; 11:29:01 AM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-18350

Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Published: December 11, 2018; 11:29:01 AM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-18349

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.

Published: December 11, 2018; 11:29:01 AM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-18348

Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Published: December 11, 2018; 11:29:01 AM -05:00
V3.0: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-18347

Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.

Published: December 11, 2018; 11:29:01 AM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-18346

Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.

Published: December 11, 2018; 11:29:01 AM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM