CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome » 4.1.249.1019 : Security Vulnerabilities

Cpe Name:cpe:/a:google:chrome:4.1.249.1019
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-5782 20 Exec Code 2019-02-19 2019-04-17
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
2 CVE-2019-5781 20 2019-02-19 2019-04-18
4.3
None Remote Medium Not required None Partial None
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
3 CVE-2019-5780 20 2019-02-19 2019-04-18
4.6
None Local Low Not required Partial Partial Partial
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
4 CVE-2019-5779 264 Bypass 2019-02-19 2019-04-18
4.3
None Remote Medium Not required Partial None None
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
5 CVE-2019-5778 79 XSS Bypass 2019-02-19 2019-04-18
4.3
None Remote Medium Not required None Partial None
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.
6 CVE-2019-5777 20 2019-02-19 2019-04-18
4.3
None Remote Medium Not required None Partial None
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
7 CVE-2019-5776 20 2019-02-19 2019-04-18
4.3
None Remote Medium Not required None Partial None
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
8 CVE-2019-5775 20 2019-02-19 2019-04-18
4.3
None Remote Medium Not required None Partial None
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
9 CVE-2019-5774 20 Exec Code 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.
10 CVE-2019-5773 20 Bypass 2019-02-19 2019-04-18
4.3
None Remote Medium Not required None Partial None
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
11 CVE-2019-5772 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
12 CVE-2019-5771 119 Exec Code Overflow 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
13 CVE-2019-5770 125 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
14 CVE-2019-5769 20 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
15 CVE-2019-5768 254 2019-02-19 2019-04-18
4.3
None Remote Medium Not required Partial None None
DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
16 CVE-2019-5767 275 2019-02-19 2019-04-18
4.3
None Remote Medium Not required Partial None None
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.
17 CVE-2019-5766 264 2019-02-19 2019-04-18
4.3
None Remote Medium Not required Partial None None
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
18 CVE-2019-5765 200 +Info 2019-02-19 2019-04-18
4.3
None Remote Medium Not required Partial None None
An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.
19 CVE-2019-5764 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
20 CVE-2019-5763 20 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
21 CVE-2019-5762 119 Exec Code Overflow 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
22 CVE-2019-5761 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
23 CVE-2019-5760 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
24 CVE-2019-5759 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
25 CVE-2019-5758 416 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
26 CVE-2019-5757 704 2019-02-19 2019-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
27 CVE-2019-5756 416 Exec Code 2019-02-19 2019-04-17
6.8
None Remote Medium Not required Partial Partial Partial
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
28 CVE-2019-5755 189 2019-02-19 2019-04-17
5.8
None Remote Medium Not required Partial Partial None
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
29 CVE-2019-5754 310 2019-02-19 2019-04-17
4.3
None Remote Medium Not required Partial None None
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.
30 CVE-2018-20346 190 Exec Code Overflow 2018-12-21 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
31 CVE-2018-20070 20 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
32 CVE-2018-20069 254 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page.
33 CVE-2018-20068 20 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page.
34 CVE-2018-20067 254 2019-01-09 2019-01-16
4.3
None Remote Medium Not required None Partial None
A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page.
35 CVE-2018-20066 416 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
36 CVE-2018-20065 20 2019-01-09 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file.
37 CVE-2018-18359 125 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
38 CVE-2018-18358 20 2018-12-11 2019-01-02
2.9
None Local Network Medium Not required None Partial None
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
39 CVE-2018-18357 20 2018-12-11 2018-12-19
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
40 CVE-2018-18356 190 Overflow 2018-12-11 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
41 CVE-2018-18355 20 2018-12-11 2018-12-19
4.3
None Remote Medium Not required None Partial None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
42 CVE-2018-18354 20 2018-12-11 2018-12-20
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.
43 CVE-2018-18353 18 2018-12-11 2018-12-20
4.3
None Remote Medium Not required None Partial None
Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page.
44 CVE-2018-18352 264 Bypass 2018-12-11 2018-12-20
4.3
None Remote Medium Not required Partial None None
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.
45 CVE-2018-18351 20 Bypass 2018-12-11 2018-12-26
4.3
None Remote Medium Not required Partial None None
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.
46 CVE-2018-18350 19 Bypass 2018-12-11 2018-12-26
4.3
None Remote Medium Not required None Partial None
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.
47 CVE-2018-18349 264 2018-12-11 2019-01-10
4.3
None Remote Medium Not required Partial None None
Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension.
48 CVE-2018-18348 20 2018-12-11 2018-12-20
4.3
None Remote Medium Not required None Partial None
Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
49 CVE-2018-18347 20 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.
50 CVE-2018-18346 20 2018-12-11 2018-12-13
4.3
None Remote Medium Not required None Partial None
Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.
Total number of vulnerabilities : 764   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.