Filtered by vendor Google
Subscribe
Total
13548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17465 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
|
|||||
| CVE-2018-17464 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
|
|||||
| CVE-2018-17462 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
|
|||||
| CVE-2018-17461 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
|
|||||
| CVE-2018-17460 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
|
|||||
| CVE-2018-17459 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
|
|||||
| CVE-2018-17458 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
|
|||||
| CVE-2018-17457 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An object lifecycle issue in Blink could lead to a use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
|
|||||
| CVE-2018-16359 | 1 Google | 1 Gvisor | 2024-11-21 | 7.1 HIGH | 6.8 MEDIUM |
|
Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS.
|
|||||
| CVE-2018-16088 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.
|
|||||
| CVE-2018-16087 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
|
|||||
| CVE-2018-16086 | 1 Google | 1 Chrome | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
|
|||||
| CVE-2018-16085 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2018-16084 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.
|
|||||
| CVE-2018-16083 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
|
|||||
| CVE-2018-16082 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
|
|||||
| CVE-2018-16081 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
|
Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension.
|
|||||
| CVE-2018-16080 | 2 Apple, Google | 2 Macos, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
|
|||||
| CVE-2018-16079 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
|
A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
|
|||||
| CVE-2018-16078 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
|
|||||
| CVE-2018-16077 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page.
|
|||||
| CVE-2018-16076 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
|
|||||
| CVE-2018-16075 | 1 Google | 1 Chrome | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
|
Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page.
|
|||||
| CVE-2018-16074 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
|
|||||
| CVE-2018-16073 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
|
|||||
| CVE-2018-16072 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
|
|||||
| CVE-2018-16071 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
|
|||||
| CVE-2018-16070 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2018-16069 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
|
|||||
| CVE-2018-16068 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
|
|||||
| CVE-2018-16067 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2018-16066 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2018-16065 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
|
|||||
| CVE-2018-16064 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
|
|||||
| CVE-2018-15983 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
|
|||||
| CVE-2018-15981 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2018-15978 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
|
|||||
| CVE-2018-15967 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.
|
|||||
| CVE-2018-15835 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983.
|
|||||
| CVE-2018-15482 | 2 Google, Lg | 15 Android, G5, G6 and 12 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.
|
|||||