U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:google:chrome:69.0.3497.88:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 1,682 matching records.
Displaying matches 1,621 through 1,640.
Vuln ID Summary CVSS Severity
CVE-2019-5758

Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 19, 2019; 12:29:00 PM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-5757

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

Published: February 19, 2019; 12:29:00 PM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-5756

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

Published: February 19, 2019; 12:29:00 PM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-5755

Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.

Published: February 19, 2019; 12:29:00 PM -0500
V4.0:(not available)
V3.0: 8.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2019-5754

Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.

Published: February 19, 2019; 12:29:00 PM -0500
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20071

Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page.

Published: January 09, 2019; 2:29:03 PM -0500
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20070

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Published: January 09, 2019; 2:29:03 PM -0500
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20069

Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page.

Published: January 09, 2019; 2:29:03 PM -0500
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20068

Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page.

Published: January 09, 2019; 2:29:03 PM -0500
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20067

A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page.

Published: January 09, 2019; 2:29:03 PM -0500
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-20066

Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: January 09, 2019; 2:29:03 PM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-20065

Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file.

Published: January 09, 2019; 2:29:03 PM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-17470

A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Published: January 09, 2019; 2:29:02 PM -0500
V4.0:(not available)
V3.0: 7.4 HIGH
V2.0: 4.3 MEDIUM
CVE-2018-17459

Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Published: January 09, 2019; 2:29:02 PM -0500
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-17458

An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Published: January 09, 2019; 2:29:02 PM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-20346

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Published: December 21, 2018; 4:29:00 PM -0500
V4.0:(not available)
V3.0: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-18359

Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Published: December 11, 2018; 11:29:02 AM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-18358

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.

Published: December 11, 2018; 11:29:02 AM -0500
V4.0:(not available)
V3.0: 5.7 MEDIUM
V2.0: 2.9 LOW
CVE-2018-18357

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Published: December 11, 2018; 11:29:02 AM -0500
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-18356

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: December 11, 2018; 11:29:01 AM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM