Google Chrome vulnerabilities

4,008 known vulnerabilities affecting google/chrome.

Total CVEs: 4,008
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 298, HIGH 2025, MEDIUM 1626, LOW 17, UNKNOWN 42

Vulnerabilities

CVE-2018-17475 | MEDIUM | CVSS 4.3 | fixed in 70.0.3538.67 | ≥ unspecified, < 70.0.3538.67 | 2018-11-14
CVE-2018-17475 [MEDIUM]: Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-17464 | MEDIUM | CVSS 4.3 | fixed in 70.0.3538.67 | ≥ unspecified, < 70.0.3538.67 | 2018-11-14
CVE-2018-17464 [MEDIUM]: Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-6082 | MEDIUM | CVSS 4.7 | fixed in 65.0.3325.146 | 2018-11-14
CVE-2018-6082 [MEDIUM] CWE-200: Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
nvd
CVE-2018-17476 | MEDIUM | CVSS 4.3 | fixed in 70.0.3538.67 | ≥ unspecified, < 70.0.3538.67 | 2018-11-14
CVE-2018-17476 [MEDIUM]: Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
nvd
CVE-2018-6077 | MEDIUM | CVSS 6.5 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
CVE-2018-6077 [MEDIUM] CWE-200: Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2018-6075 | MEDIUM | CVSS 6.5 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
CVE-2018-6075 [MEDIUM] CWE-200: Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.
nvd
CVE-2018-17477 | MEDIUM | CVSS 4.3 | fixed in 70.0.3538.67 | ≥ unspecified, < 70.0.3538.67 | 2018-11-14
CVE-2018-17477 [MEDIUM]: Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.
nvd
CVE-2018-17471 | MEDIUM | CVSS 4.3 | fixed in 70.0.3538.67 | ≥ unspecified, < 70.0.3538.67 | 2018-11-14
CVE-2018-17471 [MEDIUM]: Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
nvd
CVE-2018-6076 | MEDIUM | CVSS 6.1 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
CVE-2018-6076 [MEDIUM] CWE-79: Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.
nvd
CVE-2018-6078 | MEDIUM | CVSS 4.3 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
CVE-2018-6078 [MEDIUM] CWE-20: Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
nvd
CVE-2018-6070 | MEDIUM | CVSS 6.1 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
CVE-2018-6070 [MEDIUM] CWE-79: Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
nvd
CVE-2018-6066 | MEDIUM | CVSS 6.5 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
CVE-2018-6066 [MEDIUM] CWE-200: Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2018-6079 | MEDIUM | CVSS 6.5 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
CVE-2018-6079 [MEDIUM] CWE-200: Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2018-6080 | MEDIUM | CVSS 6.5 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
CVE-2018-6080 [MEDIUM] CWE-269: Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes.
nvd
CVE-2018-6081 | MEDIUM | CVSS 6.1 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
CVE-2018-6081 [MEDIUM] CWE-79: XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
nvd
CVE-2018-17467 | MEDIUM | CVSS 4.3 | fixed in 70.0.3538.67 | ≥ unspecified, < 70.0.3538.67 | 2018-11-14
CVE-2018-17467 [MEDIUM] CWE-459: Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-6068 | MEDIUM | CVSS 4.3 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
CVE-2018-6068 [MEDIUM] CWE-20: Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2018-17468 | MEDIUM | CVSS 6.5 | fixed in 70.0.3538.67 | ≥ unspecified, < 70.0.3538.67 | 2018-11-14
CVE-2018-17468 [MEDIUM] CWE-200: Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.
nvd
CVE-2018-6069 | MEDIUM | CVSS 6.5 | fixed in 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146 | 2018-11-14
CVE-2018-6069 [MEDIUM] CWE-125: Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2018-17473 | MEDIUM | CVSS 4.3 | fixed in 70.0.3538.67 | ≥ unspecified, < 70.0.3538.67 | 2018-11-14
CVE-2018-17473 [MEDIUM]: Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
nvd