CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-20066 416 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2 CVE-2018-20065 20 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file.
3 CVE-2018-18359 125 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
4 CVE-2018-18356 190 Overflow 2018-12-11 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
5 CVE-2018-18354 20 2018-12-11 2018-12-20
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.
6 CVE-2018-18347 20 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.
7 CVE-2018-18343 416 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8 CVE-2018-18342 502 Exec Code 2018-12-11 2018-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
9 CVE-2018-18341 190 Overflow 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
10 CVE-2018-18340 119 Overflow 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
11 CVE-2018-18339 119 Overflow 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
12 CVE-2018-18338 119 Overflow 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
13 CVE-2018-18337 416 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14 CVE-2018-18336 416 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
15 CVE-2018-18335 119 Overflow 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
16 CVE-2018-17481 416 2018-12-11 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
17 CVE-2018-17480 787 Exec Code 2018-12-11 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
18 CVE-2018-17474 416 2018-11-14 2018-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19 CVE-2018-17472 19 2018-11-14 2018-12-27
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.
20 CVE-2018-17469 125 2018-11-14 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
21 CVE-2018-17466 125 2018-11-14 2019-01-24
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
22 CVE-2018-17465 416 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
23 CVE-2018-17463 20 Exec Code 2018-11-14 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
24 CVE-2018-17462 20 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
25 CVE-2018-17461 125 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
26 CVE-2018-16085 416 2019-01-09 2019-01-18
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
27 CVE-2018-16076 125 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
28 CVE-2018-16071 416 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
29 CVE-2018-16068 20 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
30 CVE-2018-16065 416 Exec Code 2019-01-09 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
31 CVE-2018-6174 190 Exec Code Overflow 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page.
32 CVE-2018-6170 787 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
33 CVE-2018-6153 787 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
34 CVE-2018-6151 125 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.
35 CVE-2018-6144 787 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.
36 CVE-2018-6141 125 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.
37 CVE-2018-6139 20 Exec Code 2019-01-09 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
38 CVE-2018-6126 787 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
39 CVE-2018-6120 787 Exec Code Overflow 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
40 CVE-2018-6111 20 Exec Code 2019-01-09 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.
41 CVE-2018-6094 119 Overflow 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
42 CVE-2018-6092 190 Exec Code Overflow 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
43 CVE-2018-6090 190 Exec Code Overflow 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
44 CVE-2018-6088 20 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
45 CVE-2018-6087 416 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
46 CVE-2018-6086 416 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
47 CVE-2018-6085 20 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
48 CVE-2018-6083 264 2018-11-14 2018-12-28
6.8
None Remote Medium Not required Partial Partial Partial
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
49 CVE-2018-6074 20 Bypass 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
50 CVE-2018-6073 119 Overflow 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Total number of vulnerabilities : 363   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.