Google Chrome vulnerabilities

CVE-2018-6105 [MEDIUM] CVE-2018-6105: Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allow Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2018-6103 [MEDIUM] CVE-2018-6103: A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote att A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.

CVE-2018-6104 [MEDIUM] CVE-2018-6104: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2018-6102 [MEDIUM] CWE-20 CVE-2018-6102: Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowe Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

CVE-2018-6108 [MEDIUM] CVE-2018-6108: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.

CVE-2018-6089 [MEDIUM] CWE-20 CVE-2018-6089: A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.

CVE-2018-6107 [MEDIUM] CVE-2018-6107: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2018-17462 [CRITICAL] CWE-416 CVE-2018-17462: Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker t Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.

CVE-2018-17472 [CRITICAL] CWE-20 CVE-2018-17472: Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.35 Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page.

CVE-2018-17466 [HIGH] CWE-125 CVE-2018-17466: Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2018-6074 [HIGH] CWE-20 CVE-2018-6074: Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remo Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.

CVE-2018-6064 [HIGH] CWE-704 CVE-2018-6064: Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.1 Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-6062 [HIGH] CWE-787 CVE-2018-6062: Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to per Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

CVE-2018-6057 [HIGH] CWE-732 CVE-2018-6057: Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote at Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.

CVE-2018-6065 [HIGH] CWE-190 CVE-2018-6065: Integer overflow in computing the required allocation size when instantiating a new javascript objec Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-6067 [HIGH] CWE-125 CVE-2018-6067: Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacke Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-6061 [HIGH] CWE-362 CVE-2018-6061: A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-17463 [HIGH] CVE-2018-17463: Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attac Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2018-6072 [HIGH] CWE-190 CVE-2018-6072: An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allo An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

CVE-2018-6060 [HIGH] CWE-416 CVE-2018-6060: Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to pote Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.