Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

CVE-2019-5829 | HIGH | CVSS 8.8 | fixed in 75.0.3770.80 | ≥ unspecified, < 75.0.3770.80 | 2019-06-27
CWE-190: Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2019-5807 | HIGH | CVSS 8.8 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
CWE-787: Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-6131 | HIGH | CVSS 8.8 | fixed in 67.0.3396.62 | ≥ unspecified, < 67.0.3396.62 | 2019-06-27
CWE-787: Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5820 | HIGH | CVSS 8.8 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
CWE-190: Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2018-6155 | MEDIUM | CVSS 6.5 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-06-27
CWE-416: Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
nvd
CVE-2018-6142 | MEDIUM | CVSS 6.5 | fixed in 67.0.3396.62 | ≥ unspecified, < 67.0.3396.62 | 2019-06-27
CWE-125: Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
nvd
CVE-2018-6130 | MEDIUM | CVSS 6.5 | PoC | fixed in 67.0.3396.62 | ≥ unspecified, < 67.0.3396.62 | 2019-06-27
CWE-125: Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2018-16074 | MEDIUM | CVSS 6.5 | fixed in 69.0.3497.81 | ≥ unspecified, < 69.0.3497.81 | 2019-06-27
CWE-285: Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
nvd
CVE-2018-20073 | MEDIUM | CVSS 5.5 | fixed in 72.0.3626.81 | ≥ unspecified, < 72.0.3626.81 | 2019-06-27
CWE-200: Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem.
nvd
CVE-2019-5833 | MEDIUM | CVSS 4.3 | fixed in 75.0.3770.80 | ≥ unspecified, < 75.0.3770.80 | 2019-06-27
Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.
nvd
CVE-2019-5784 | MEDIUM | CVSS 6.5 | fixed in 72.0.3626.96 | ≥ unspecified, < 72.0.3626.96 | 2019-06-27
CWE-787: Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2019-5838 | MEDIUM | CVSS 4.3 | fixed in 75.0.3770.80 | ≥ unspecified, < 75.0.3770.80 | 2019-06-27
CWE-863: Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
nvd
CVE-2018-16077 | MEDIUM | CVSS 6.5 | fixed in 69.0.3497.81 | ≥ unspecified, < 69.0.3497.81 | 2019-06-27
CWE-285: Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2018-6134 | MEDIUM | CVSS 6.5 | fixed in 67.0.3396.62 | ≥ unspecified, < 67.0.3396.62 | 2019-06-27
CWE-200: Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page.
nvd
CVE-2019-5837 | MEDIUM | CVSS 6.5 | fixed in 75.0.3770.80 | ≥ unspecified, < 75.0.3770.80 | 2019-06-27
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2019-5814 | MEDIUM | CVSS 6.5 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
CWE-352: Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2018-16073 | MEDIUM | CVSS 6.5 | fixed in 69.0.3497.81 | ≥ unspecified, < 69.0.3497.81 | 2019-06-27
CWE-285: Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
nvd
CVE-2019-5810 | MEDIUM | CVSS 6.5 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
CWE-312: Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2018-6171 | MEDIUM | CVSS 5.7 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-06-27
CWE-416: Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
nvd
CVE-2018-6132 | MEDIUM | CVSS 4.3 | fixed in 67.0.3396.62 | ≥ unspecified, < 67.0.3396.62 | 2019-06-27
CWE-908: Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.
nvd