Redhat Linux Desktop vulnerabilities

CVE-2018-18336 [HIGH] CWE-416 CVE-2018-18336: Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacke Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

CVE-2018-18339 [HIGH] CWE-416 CVE-2018-18339: Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attac Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-18341 [HIGH] CWE-190 CVE-2018-18341: An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.8 An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-18337 [HIGH] CWE-416 CVE-2018-18337: Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71. Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-18338 [HIGH] CWE-787 CVE-2018-18338: Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a r Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-17481 [HIGH] CWE-416 CVE-2018-17481: Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remot Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

CVE-2018-18343 [HIGH] CWE-416 CVE-2018-18343: Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.8 Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-18359 [HIGH] CWE-125 CVE-2018-18359: Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remot Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2018-18347 [HIGH] CWE-20 CVE-2018-18347: Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 7 Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.

CVE-2018-18340 [HIGH] CWE-416 CVE-2018-18340: Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-18346 [MEDIUM] CVE-2018-18346: Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a re Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page.

CVE-2018-6086 [HIGH] CWE-416 CVE-2018-6086: A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cach A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

CVE-2018-6101 [HIGH] CWE-20 CVE-2018-6101: A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attac A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.

CVE-2018-6087 [HIGH] CWE-416 CVE-2018-6087: A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2018-6088 [HIGH] CWE-20 CVE-2018-6088: An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote atta An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

CVE-2018-6090 [HIGH] CWE-190 CVE-2018-6090: An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359. An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2018-6094 [HIGH] CWE-787 CVE-2018-6094: Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attack Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-6092 [HIGH] CWE-190 CVE-2018-6092: An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

CVE-2018-6085 [HIGH] CWE-416 CVE-2018-6085: Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

CVE-2018-6098 [MEDIUM] CVE-2018-6098: Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.