National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:google:chrome:33.0.1750.5
There are 899 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2018-16067

A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: January 09, 2019; 02:29:01 PM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16066

A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: January 09, 2019; 02:29:01 PM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16065

A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Published: January 09, 2019; 02:29:01 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2017-15428

Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Published: January 09, 2019; 02:29:01 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2017-15405

Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.

Published: January 09, 2019; 02:29:00 PM -05:00
V3: 7.0 HIGH
V2: 6.9 MEDIUM
CVE-2017-15404

An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page.

Published: January 09, 2019; 02:29:00 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-15403

Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.

Published: January 09, 2019; 02:29:00 PM -05:00
V3: 7.3 HIGH
V2: 4.4 MEDIUM
CVE-2017-15402

Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Published: January 09, 2019; 02:29:00 PM -05:00
V3: 9.6 CRITICAL
V2: 6.8 MEDIUM
CVE-2017-15401

A memory corruption bug in WebAssembly could lead to out of bounds read and write through V8 in WebAssembly in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Published: January 09, 2019; 02:29:00 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-9651

A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Published: January 09, 2019; 02:29:00 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-10403

Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

Published: January 09, 2019; 02:29:00 PM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-20346

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Published: December 21, 2018; 04:29:00 PM -05:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM
CVE-2018-18359

Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Published: December 11, 2018; 11:29:02 AM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-18358

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.

Published: December 11, 2018; 11:29:02 AM -05:00
V3: 5.7 MEDIUM
V2: 2.9 LOW
CVE-2018-18357

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Published: December 11, 2018; 11:29:02 AM -05:00
V3: 4.3 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-18356

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: December 11, 2018; 11:29:01 AM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-18355

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Published: December 11, 2018; 11:29:01 AM -05:00
V3: 4.3 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-18354

Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.

Published: December 11, 2018; 11:29:01 AM -05:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-18353

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.

Published: December 11, 2018; 11:29:01 AM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-18352

Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.

Published: December 11, 2018; 11:29:01 AM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM