Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV (actively exploited): 74
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

Page 108 of 199
CVE-2018-17460 | MEDIUM | CVSS 6.5 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-06-27
CVE-2018-17460 [MEDIUM] CWE-20: Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
nvd
CVE-2019-5830 | MEDIUM | CVSS 6.5 | fixed in 75.0.3770.80 | ≥ unspecified, < 75.0.3770.80 | 2019-06-27
CVE-2019-5830 [MEDIUM]: Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2019-5805 | MEDIUM | CVSS 6.5 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
CVE-2019-5805 [MEDIUM] CWE-416: Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2019-5832 | MEDIUM | CVSS 6.5 | fixed in 75.0.3770.80 | ≥ unspecified, < 75.0.3770.80 | 2019-06-27
CVE-2019-5832 [MEDIUM]: Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2019-5786 | MEDIUM | CVSS 6.5 | KEV | PoC | fixed in 72.0.3626.121 | ≥ unspecified, < 72.0.3626.121 | 2019-06-27
CVE-2019-5786 [MEDIUM] CWE-416: Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2018-6177 | MEDIUM | CVSS 4.3 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-06-27
CVE-2018-6177 [MEDIUM] CWE-200: Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2019-5812 | MEDIUM | CVSS 6.5 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
CVE-2019-5812 [MEDIUM]: Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2018-16069 | MEDIUM | CVSS 6.5 | fixed in 69.0.3497.81 | ≥ unspecified, < 69.0.3497.81 | 2019-06-27
CVE-2018-16069 [MEDIUM] CWE-125: Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2019-5823 | MEDIUM | CVSS 5.4 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
CVE-2019-5823 [MEDIUM] CWE-601: Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2017-5028 | MEDIUM | CVSS 6.5 | fixed in 56.0.2924.76 | ≥ unspecified, < 56.0.2924.76 | 2019-06-27
CVE-2017-5028 [MEDIUM] CWE-20: Insufficient data validation in V8 in Google Chrome prior to 56.0.2924.76 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2018-6150 | MEDIUM | CVSS 6.5 | fixed in 66.0.3359.117 | ≥ unspecified, < 66.0.3359.117 | 2019-06-27
CVE-2018-6150 [MEDIUM] CWE-200: Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2018-16064 | MEDIUM | CVSS 6.5 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-06-27
CVE-2018-16064 [MEDIUM] CWE-20: Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
nvd
CVE-2019-5818 | MEDIUM | CVSS 6.5 | fixed in 74.0.3729.108 | ≥ unspecified, < 74.0.3729.108 | 2019-06-27
CVE-2019-5818 [MEDIUM] CWE-908: Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file.
nvd
CVE-2018-6159 | MEDIUM | CVSS 6.5 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-06-27
CVE-2018-6159 [MEDIUM] CWE-200: Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2018-6128 | MEDIUM | CVSS 6.1 | fixed in 67.0.3396.62 | ≥ unspecified, < 67.0.3396.62 | 2019-06-27
CVE-2018-6128 [MEDIUM] CWE-79: Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2019-5839 | MEDIUM | CVSS 4.3 | fixed in 75.0.3770.80 | ≥ unspecified, < 75.0.3770.80 | 2019-06-27
CVE-2019-5839 [MEDIUM] CWE-20: Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.
nvd
CVE-2018-6136 | MEDIUM | CVSS 6.5 | fixed in 67.0.3396.62 | ≥ unspecified, < 67.0.3396.62 | 2019-06-27
CVE-2018-6136 [MEDIUM] CWE-125: Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2018-6129 | MEDIUM | CVSS 6.5 | PoC | fixed in 67.0.3396.62 | ≥ unspecified, < 67.0.3396.62 | 2019-06-27
CVE-2018-6129 [MEDIUM] CWE-125: Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2018-16075 | MEDIUM | CVSS 5.3 | fixed in 69.0.3497.81 | ≥ unspecified, < 69.0.3497.81 | 2019-06-27
CVE-2018-16075 [MEDIUM]: Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page.
nvd
CVE-2019-5785 | MEDIUM | CVSS 6.5 | fixed in 72.0.3626.81 | ≥ unspecified, < 72.0.3626.81 | 2019-06-27
CVE-2019-5785 [MEDIUM] CWE-787: Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
nvd