U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:google:chrome:70.0.3530.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 1,681 matching records.
Displaying matches 1,661 through 1,680.
Vuln ID Summary CVSS Severity
CVE-2018-17481

Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Published: December 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-17480

Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Published: December 11, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-17477

Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-17476

Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-17475

Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-17474

Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-17473

Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-17472

Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 9.6 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2018-17471

Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-17469

Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-17468

Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-17467

Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-17466

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-17465

Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-17464

Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-17463

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-17462

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.

Published: November 14, 2018; 10:29:00 AM -0500
V4.0:(not available)
V3.0: 9.6 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2013-6662

Google Chrome caches TLS sessions before certificate validation occurs.

Published: April 13, 2017; 1:59:00 PM -0400
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2012-4930

The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

Published: September 15, 2012; 2:55:03 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2012-4929

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

Published: September 15, 2012; 2:55:03 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 2.6 LOW