Google Chrome vulnerabilities

3,975 known vulnerabilities affecting google/chrome.

Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11

Vulnerabilities

Page 114 of 199
CVE-2018-20069 | MEDIUM | CVSS 4.3 | fixed in 71.0.3578.80 | ≥ unspecified, < 71.0.3578.80 | 2019-01-09
Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page.
nvd
CVE-2018-16067 | MEDIUM | CWE-416 | CVSS 6.5 | fixed in 69.0.3497.81 | ≥ unspecified, < 69.0.3497.81 | 2019-01-09
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-6164 | MEDIUM | CWE-200 | CVSS 6.5 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-01-09
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2018-16082 | MEDIUM | CWE-125 | CVSS 6.5 | fixed in 69.0.3497.81 | ≥ unspecified, < 69.0.3497.81 | 2019-01-09
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2018-6091 | MEDIUM | CWE-19 | CVSS 6.5 | fixed in 66.0.3359.117 | ≥ unspecified, < 66.0.3359.117 | 2019-01-09
Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2018-6166 | MEDIUM | CVSS 6.5 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-01-09
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2018-17459 | MEDIUM | CVSS 6.5 | fixed in 69.0.3497.92 | ≥ unspecified, < 69.0.3497.92 | 2019-01-09
Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-20068 | MEDIUM | CWE-20 | CVSS 4.3 | fixed in 71.0.3578.80 | ≥ unspecified, < 71.0.3578.80 | 2019-01-09
Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page.
nvd
CVE-2018-6160 | MEDIUM | CWE-20 | CVSS 6.5 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-01-09
JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-6175 | MEDIUM | CVSS 6.5 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-01-09
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2018-16084 | MEDIUM | CWE-79 | CVSS 6.1 | fixed in 69.0.3497.81 | ≥ unspecified, < 69.0.3497.81 | 2019-01-09
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.
nvd
CVE-2018-6163 | MEDIUM | CVSS 6.5 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-01-09
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2018-16072 | MEDIUM | CWE-346 | CVSS 6.5 | fixed in 69.0.3497.81 | ≥ unspecified, < 69.0.3497.81 | 2019-01-09
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
nvd
CVE-2018-6114 | MEDIUM | CWE-20 | CVSS 6.5 | fixed in 66.0.3359.117 | ≥ unspecified, < 66.0.3359.117 | 2019-01-09
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2018-6178 | MEDIUM | CWE-1021 | CVSS 4.3 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-01-09
Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension.
nvd
CVE-2018-6169 | MEDIUM | CWE-20 | CVSS 6.5 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-01-09
Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page.
nvd
CVE-2018-6167 | MEDIUM | CVSS 6.5 | fixed in 68.0.3440.75 | ≥ unspecified, < 68.0.3440.75 | 2019-01-09
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
nvd
CVE-2018-6113 | MEDIUM | CWE-20 | CVSS 6.5 | fixed in 66.0.3359.117 | ≥ unspecified, < 66.0.3359.117 | 2019-01-09
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2018-6143 | MEDIUM | CWE-125 | CVSS 6.5 | fixed in 67.0.3396.62 | ≥ unspecified, < 67.0.3396.62 | 2019-01-09
Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2018-16066 | MEDIUM | CWE-416 | CVSS 6.5 | fixed in 69.0.3497.81 | ≥ unspecified, < 69.0.3497.81 | 2019-01-09
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd