CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome » 5.0.366.0 : Security Vulnerabilities

Cpe Name:cpe:/a:google:chrome:5.0.366.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2018-6131 416 2019-06-27 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
202 CVE-2018-6130 125 2019-06-27 2019-07-01
4.3
None Remote Medium Not required None None Partial
Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
203 CVE-2018-6129 125 2019-06-27 2019-07-01
4.3
None Remote Medium Not required None None Partial
Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
204 CVE-2018-6128 79 XSS 2019-06-27 2019-07-01
4.3
None Remote Medium Not required None Partial None
Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
205 CVE-2018-6126 787 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
206 CVE-2018-6123 416 2019-01-09 2019-01-14
4.3
None Remote Medium Not required None None Partial
A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
207 CVE-2018-6121 20 2019-06-27 2019-07-01
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page.
208 CVE-2018-6120 787 Exec Code Overflow 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
209 CVE-2018-6119 20 2018-09-25 2018-11-20
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
210 CVE-2018-6118 416 Exec Code 2019-06-27 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
211 CVE-2018-6117 200 +Info 2019-01-09 2019-01-15
4.3
None Remote Medium Not required Partial None None
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
212 CVE-2018-6116 476 2018-12-04 2019-01-09
4.3
None Remote Medium Not required None None Partial
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
213 CVE-2018-6115 20 Bypass 2018-12-04 2019-01-09
4.3
None Remote Medium Not required None Partial None
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.
214 CVE-2018-6114 20 Bypass 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
215 CVE-2018-6113 20 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
216 CVE-2018-6112 706 Bypass 2019-01-09 2019-10-02
4.3
None Remote Medium Not required Partial None None
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
217 CVE-2018-6111 20 Exec Code 2019-01-09 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.
218 CVE-2018-6108 2018-12-04 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.
219 CVE-2018-6107 2018-12-04 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
220 CVE-2018-6105 2018-12-04 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
221 CVE-2018-6104 2018-12-04 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
222 CVE-2018-6103 20 Bypass 2018-12-04 2019-01-09
4.3
None Remote Medium Not required None Partial None
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.
223 CVE-2018-6102 20 2018-12-04 2019-01-09
4.3
None Remote Medium Not required None Partial None
Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
224 CVE-2018-6101 20 Exec Code 2018-12-04 2019-01-09
5.1
None Remote High Not required Partial Partial Partial
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.
225 CVE-2018-6099 200 +Info 2018-12-04 2019-01-09
4.3
None Remote Medium Not required Partial None None
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
226 CVE-2018-6098 2018-12-04 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
227 CVE-2018-6095 200 +Info 2018-12-04 2019-01-09
4.3
None Remote Medium Not required Partial None None
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.
228 CVE-2018-6094 119 Overflow 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
229 CVE-2018-6092 190 Exec Code Overflow 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
230 CVE-2018-6090 190 Exec Code Overflow 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
231 CVE-2018-6089 20 2018-12-04 2019-01-09
4.3
None Remote Medium Not required Partial None None
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
232 CVE-2018-6088 20 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
233 CVE-2018-6087 416 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
234 CVE-2018-6086 416 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
235 CVE-2018-6085 20 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
236 CVE-2018-6083 2018-11-14 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
237 CVE-2018-6082 200 +Info 2018-11-14 2018-12-27
4.3
None Remote Medium Not required Partial None None
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
238 CVE-2018-6081 79 XSS 2018-11-14 2018-12-14
4.3
None Remote Medium Not required None Partial None
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
239 CVE-2018-6080 269 2018-11-14 2019-10-02
4.3
None Remote Medium Not required Partial None None
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .
240 CVE-2018-6079 200 +Info 2018-11-14 2018-12-26
4.3
None Remote Medium Not required Partial None None
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
241 CVE-2018-6078 20 2018-11-14 2018-12-26
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
242 CVE-2018-6077 200 +Info 2018-11-14 2018-12-21
4.3
None Remote Medium Not required Partial None None
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
243 CVE-2018-6076 79 XSS 2018-11-14 2018-12-19
4.3
None Remote Medium Not required None Partial None
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.
244 CVE-2018-6075 200 +Info 2018-11-14 2018-12-19
4.3
None Remote Medium Not required Partial None None
Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.
245 CVE-2018-6074 20 Bypass 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
246 CVE-2018-6073 119 Overflow 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
247 CVE-2018-6072 190 Overflow 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
248 CVE-2018-6071 190 Overflow 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
249 CVE-2018-6070 79 XSS Bypass 2018-11-14 2019-10-02
4.3
None Remote Medium Not required None Partial None
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
250 CVE-2018-6069 119 Overflow 2018-11-14 2018-12-19
4.3
None Remote Medium Not required Partial None None
Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Total number of vulnerabilities : 839   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.