Redhat » Linux Server » 6.0 : Security Vulnerabilities, CVEs, CVSS score >= 6
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Max CVSS
8.8
EPSS Score
1.48%
Published
2018-12-11
Updated
2019-08-17
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.
Max CVSS
8.8
EPSS Score
1.71%
Published
2018-12-11
Updated
2019-08-17
Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.
Max CVSS
6.5
EPSS Score
1.04%
Published
2018-12-11
Updated
2020-08-24
Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.43%
Published
2018-12-11
Updated
2020-08-24
An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.22%
Published
2018-12-11
Updated
2020-08-24
Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.43%
Published
2018-12-11
Updated
2020-08-24
Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
1.67%
Published
2018-12-11
Updated
2020-08-24
Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.43%
Published
2018-12-11
Updated
2020-08-24
Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.43%
Published
2018-12-11
Updated
2020-08-24
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Max CVSS
8.8
EPSS Score
1.88%
Published
2018-12-11
Updated
2020-08-24
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Max CVSS
8.8
EPSS Score
1.81%
Published
2018-12-11
Updated
2020-08-24
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
Max CVSS
8.8
EPSS Score
1.14%
Published
2018-11-14
Updated
2018-12-18
CVE-2018-17463
Known exploited
Public exploit
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Max CVSS
8.8
EPSS Score
97.41%
Published
2018-11-14
Updated
2020-08-24
CISA KEV Added
2022-06-08
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
Max CVSS
9.6
EPSS Score
2.22%
Published
2018-11-14
Updated
2020-08-24
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Max CVSS
6.5
EPSS Score
1.71%
Published
2018-12-04
Updated
2019-03-01
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.82%
Published
2018-12-04
Updated
2019-10-03
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Max CVSS
6.5
EPSS Score
0.82%
Published
2018-12-04
Updated
2019-10-03
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Max CVSS
6.5
EPSS Score
0.82%
Published
2018-12-04
Updated
2019-10-03
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Max CVSS
6.5
EPSS Score
0.82%
Published
2018-12-04
Updated
2019-10-03
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.96%
Published
2018-12-04
Updated
2020-08-24
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.
Max CVSS
7.5
EPSS Score
14.72%
Published
2018-12-04
Updated
2019-03-01
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.79%
Published
2018-12-04
Updated
2019-03-01
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Max CVSS
6.5
EPSS Score
0.66%
Published
2018-12-04
Updated
2019-10-03
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.79%
Published
2018-12-04
Updated
2019-03-01
Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.64%
Published
2018-12-04
Updated
2020-08-24