Google Chrome vulnerabilities
4,008 known vulnerabilities affecting google/chrome.
Total CVEs: 4,008
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown
CRITICAL 298, HIGH 2025, MEDIUM 1626, LOW 17, UNKNOWN 42
Vulnerabilities
Page 124 of 201
CVE-2017-15418 [MEDIUM] CVSS 4.3, CWE-119, fixed in 63.0.3239.84, 2018-08-28
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
nvd
CVE-2017-15429 [MEDIUM] CVSS 6.1, CWE-79, fixed in 63.0.3239.108, 2018-08-28
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
nvd
CVE-2017-15427 [MEDIUM] CVSS 6.1, CWE-79, fixed in 63.0.3239.84, 2018-08-28
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.
nvd
CVE-2017-15424 [MEDIUM] CVSS 6.5, CWE-20, fixed in 63.0.3239.84, 2018-08-28
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
nvd
CVE-2017-15415 [MEDIUM] CVSS 6.5, CWE-119, fixed in 63.0.3239.84, 2018-08-28
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.
nvd
CVE-2017-15430 [MEDIUM] CVSS 4.3, fixed in 63.0.3239.84, affected: ≥ unspecified, < 63.0.3239.84, 2018-08-28
Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
nvd
CVE-2017-15425 [MEDIUM] CVSS 6.5, CWE-20, fixed in 63.0.3239.84, 2018-08-28
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
nvd
CVE-2017-15419 [MEDIUM] CVSS 6.5, CWE-601, fixed in 63.0.3239.84, 2018-08-28
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.
nvd
CVE-2017-15422 [MEDIUM] CVSS 6.5, CWE-190, fixed in 63.0.3239.84, 2018-08-28
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2017-15416 [MEDIUM] CVSS 6.5, CWE-119, fixed in 63.0.3239.84, 2018-08-28
Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.
nvd
CVE-2017-15387 [HIGH] CVSS 8.8, fixed in 62.0.3202.62, 2018-02-07
Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page.
nvd
CVE-2017-15393 [HIGH] CVSS 8.8, CWE-668, fixed in 62.0.3202.62, 2018-02-07
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.
nvd
CVE-2017-5130 [HIGH] CVSS 8.8, CWE-787, fixed in 62.0.3202.62, 2018-02-07
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
nvd
CVE-2017-5133 [HIGH] CVSS 8.8, CWE-787, fixed in 62.0.3202.62, 2018-02-07
Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.
nvd
CVE-2017-5131 [HIGH] CVSS 8.8, CWE-190, fixed in 62.0.3202.62, 2018-02-07
An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.
nvd
CVE-2017-5125 [HIGH] CVSS 8.8, CWE-119, fixed in 62.0.3202.62, 2018-02-07
Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2017-15388 [HIGH] CVSS 8.8, CWE-125, fixed in 62.0.3202.62, 2018-02-07
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2017-5127 [HIGH] CVSS 8.8, CWE-416, fixed in 62.0.3202.62, 2018-02-07
Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2017-5132 [HIGH] CVSS 8.8, CWE-119, fixed in 62.0.3202.62, 2018-02-07
Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation.
nvd
CVE-2017-5129 [HIGH] CVSS 8.8, CWE-416, fixed in 62.0.3202.62, 2018-02-07
A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
nvd