CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat » Enterprise Linux Desktop : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2018-6169 20 2019-01-09 2019-01-15
4.3
None Remote Medium Not required None Partial None
Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page.
252 CVE-2018-6167 2019-01-09 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
253 CVE-2018-6166 2019-01-09 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
254 CVE-2018-6165 2019-01-09 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
255 CVE-2018-6164 200 +Info 2019-01-09 2019-01-14
4.3
None Remote Medium Not required Partial None None
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
256 CVE-2018-6163 2019-01-09 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
257 CVE-2018-6158 362 2019-01-09 2019-01-14
5.1
None Remote High Not required Partial Partial Partial
A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
258 CVE-2018-6153 787 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
259 CVE-2018-6151 125 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.
260 CVE-2018-6144 787 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.
261 CVE-2018-6143 125 2019-01-09 2019-01-15
4.3
None Remote Medium Not required None None Partial
Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
262 CVE-2018-6141 125 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.
263 CVE-2018-6140 20 Exec Code 2019-01-09 2019-01-16
9.3
None Remote Medium Not required Complete Complete Complete
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
264 CVE-2018-6139 20 Exec Code 2019-01-09 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
265 CVE-2018-6137 200 +Info 2019-01-09 2019-01-14
4.3
None Remote Medium Not required Partial None None
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
266 CVE-2018-6135 2019-01-09 2019-10-02
4.3
None Remote Medium Not required None Partial None
Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
267 CVE-2018-6126 787 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
268 CVE-2018-6123 416 2019-01-09 2019-01-14
4.3
None Remote Medium Not required None None Partial
A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
269 CVE-2018-6120 787 Exec Code Overflow 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
270 CVE-2018-6117 200 +Info 2019-01-09 2019-01-15
4.3
None Remote Medium Not required Partial None None
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
271 CVE-2018-6114 20 Bypass 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
272 CVE-2018-6113 20 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
273 CVE-2018-6112 706 Bypass 2019-01-09 2019-10-02
4.3
None Remote Medium Not required Partial None None
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
274 CVE-2018-6111 20 Exec Code 2019-01-09 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.
275 CVE-2018-6083 2018-11-14 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
276 CVE-2018-6082 200 +Info 2018-11-14 2018-12-27
4.3
None Remote Medium Not required Partial None None
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
277 CVE-2018-6080 269 2018-11-14 2019-10-02
4.3
None Remote Medium Not required Partial None None
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .
278 CVE-2018-6079 200 +Info 2018-11-14 2018-12-26
4.3
None Remote Medium Not required Partial None None
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
279 CVE-2018-6078 20 2018-11-14 2018-12-26
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
280 CVE-2018-6077 200 +Info 2018-11-14 2018-12-21
4.3
None Remote Medium Not required Partial None None
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
281 CVE-2018-6070 79 XSS Bypass 2018-11-14 2019-10-02
4.3
None Remote Medium Not required None Partial None
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
282 CVE-2018-6067 125 2018-11-14 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
283 CVE-2018-6065 190 Overflow 2018-11-14 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
284 CVE-2018-6064 704 2018-11-14 2019-05-02
6.8
None Remote Medium Not required Partial Partial Partial
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
285 CVE-2018-6063 787 2018-11-14 2018-12-26
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
286 CVE-2018-6062 787 Overflow 2018-11-14 2018-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
287 CVE-2018-6061 362 2018-11-14 2018-12-19
5.1
None Remote High Not required Partial Partial Partial
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
288 CVE-2018-6060 416 2018-11-14 2018-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
289 CVE-2018-6057 732 Bypass 2018-11-14 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
290 CVE-2018-6054 416 2018-09-25 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
291 CVE-2018-6053 200 +Info 2018-09-25 2018-11-20
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.
292 CVE-2018-6052 200 +Info 2018-09-25 2018-11-20
4.3
None Remote Medium Not required Partial None None
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.
293 CVE-2018-6051 79 XSS 2018-09-25 2018-11-15
4.3
None Remote Medium Not required Partial None None
XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.
294 CVE-2018-6050 20 2018-09-25 2018-11-20
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
295 CVE-2018-6049 2018-09-25 2019-10-02
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.
296 CVE-2018-6048 20 +Info 2018-09-25 2018-11-20
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.
297 CVE-2018-6047 20 2018-09-25 2018-11-20
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.
298 CVE-2018-6046 20 2018-09-25 2018-11-15
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
299 CVE-2018-6045 200 +Info 2018-09-25 2018-11-15
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
300 CVE-2018-6043 20 2018-09-25 2018-11-15
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.
Total number of vulnerabilities : 1039   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.