Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs: 3,975
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 297, HIGH 2024, MEDIUM 1626, LOW 17, UNKNOWN 11
Vulnerabilities
Page 120 of 199
CVE-2018-6080 | MEDIUM | CVSS 6.5 | CWE-269 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes.
nvd
CVE-2018-6081 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
nvd
CVE-2018-17467 | MEDIUM | CVSS 4.3 | CWE-459 | fixed in 70.0.3538.67 | ≥ unspecified, < 70.0.3538.67 | 2018-11-14
Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-6068 | MEDIUM | CVSS 4.3 | CWE-20 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-17468 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 70.0.3538.67 | ≥ unspecified, < 70.0.3538.67 | 2018-11-14
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.
nvd
CVE-2018-6069 | MEDIUM | CVSS 6.5 | CWE-125 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2018-17473 | MEDIUM | CVSS 4.3 | fixed in 70.0.3538.67 | ≥ unspecified, < 70.0.3538.67 | 2018-11-14
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
nvd
CVE-2018-6034 | HIGH | CVSS 8.1 | CWE-125 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2018-6054 | HIGH | CVSS 8.8 | CWE-416 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
nvd
CVE-2018-6043 | HIGH | CVSS 8.8 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.
nvd
CVE-2018-6035 | HIGH | CVSS 8.8 | CWE-200 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
nvd
CVE-2018-6031 | HIGH | CVSS 8.8 | CWE-416 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2018-6033 | HIGH | CVSS 8.8 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.
nvd
CVE-2018-6055 | HIGH | CVSS 8.8 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page.
nvd
CVE-2018-6040 | MEDIUM | CVSS 6.5 | CWE-732 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.
nvd
CVE-2018-6052 | MEDIUM | CVSS 4.3 | CWE-200 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.
nvd
CVE-2018-6119 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-6036 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.
nvd
CVE-2018-6032 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.
nvd
CVE-2018-6037 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 64.0.3282.119 | ≥ unspecified, < 64.0.3282.119 | 2018-09-25
Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.
nvd