Max CVSS | 7.2 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-6084 | 7.2 |
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.
|
08-09-2021 - 17:21 | 09-01-2019 - 19:29 | |
CVE-2018-6097 | 4.3 |
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.
|
08-09-2021 - 17:21 | 09-01-2019 - 19:29 | |
CVE-2018-6113 | 4.3 |
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
|
08-09-2021 - 17:21 | 09-01-2019 - 19:29 | |
CVE-2018-6103 | 4.3 |
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page.
|
24-08-2020 - 17:37 | 04-12-2018 - 17:29 | |
CVE-2018-6094 | 6.8 |
Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
24-08-2020 - 17:37 | 04-12-2018 - 17:29 | |
CVE-2018-6107 | 4.3 |
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
|
03-10-2019 - 00:03 | 04-12-2018 - 17:29 | |
CVE-2018-6112 | 4.3 |
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
|
03-10-2019 - 00:03 | 09-01-2019 - 19:29 | |
CVE-2018-6098 | 4.3 |
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
|
03-10-2019 - 00:03 | 04-12-2018 - 17:29 | |
CVE-2018-6104 | 4.3 |
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
|
03-10-2019 - 00:03 | 04-12-2018 - 17:29 | |
CVE-2018-6108 | 4.3 |
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.
|
03-10-2019 - 00:03 | 04-12-2018 - 17:29 | |
CVE-2018-6105 | 4.3 |
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
|
03-10-2019 - 00:03 | 04-12-2018 - 17:29 | |
CVE-2018-6099 | 4.3 |
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
|
01-03-2019 - 20:36 | 04-12-2018 - 17:29 | |
CVE-2018-6086 | 6.8 |
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
|
01-03-2019 - 20:33 | 04-12-2018 - 17:29 | |
CVE-2018-6089 | 4.3 |
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
|
01-03-2019 - 20:31 | 04-12-2018 - 17:29 | |
CVE-2018-6090 | 6.8 |
An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
|
01-03-2019 - 20:27 | 04-12-2018 - 17:29 | |
CVE-2018-6085 | 6.8 |
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
|
01-03-2019 - 20:03 | 04-12-2018 - 17:29 | |
CVE-2018-6101 | 5.1 |
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.
|
01-03-2019 - 19:55 | 04-12-2018 - 17:29 | |
CVE-2018-6088 | 6.8 |
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
|
01-03-2019 - 19:54 | 04-12-2018 - 17:29 | |
CVE-2018-6115 | 4.3 |
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.
|
01-03-2019 - 19:53 | 04-12-2018 - 17:29 | |
CVE-2018-6095 | 4.3 |
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page.
|
01-03-2019 - 19:50 | 04-12-2018 - 17:29 | |
CVE-2018-6087 | 6.8 |
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
|
01-03-2019 - 19:45 | 04-12-2018 - 17:29 | |
CVE-2018-6092 | 6.8 |
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
|
01-03-2019 - 19:39 | 04-12-2018 - 17:29 | |
CVE-2018-6102 | 4.3 |
Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
|
01-03-2019 - 19:26 | 04-12-2018 - 17:29 | |
CVE-2018-6116 | 4.3 |
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
|
01-03-2019 - 19:20 | 04-12-2018 - 17:29 | |
CVE-2018-6091 | 4.3 |
Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
|
30-01-2019 - 18:27 | 09-01-2019 - 19:29 | |
CVE-2018-6096 | 4.3 |
A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
|
30-01-2019 - 18:16 | 09-01-2019 - 19:29 | |
CVE-2018-6100 | 4.3 |
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
|
30-01-2019 - 18:01 | 09-01-2019 - 19:29 | |
CVE-2018-6106 | 6.8 |
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.
|
30-01-2019 - 17:12 | 09-01-2019 - 19:29 | |
CVE-2018-6109 | 4.3 |
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit
|
30-01-2019 - 17:02 | 09-01-2019 - 19:29 | |
CVE-2018-6110 | 5.8 |
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.
|
30-01-2019 - 16:47 | 09-01-2019 - 19:29 | |
CVE-2018-6093 | 4.3 |
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
|
29-01-2019 - 20:01 | 09-01-2019 - 19:29 | |
CVE-2018-6111 | 6.8 |
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.
|
16-01-2019 - 16:41 | 09-01-2019 - 19:29 | |
CVE-2018-6114 | 4.3 |
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
|
16-01-2019 - 15:22 | 09-01-2019 - 19:29 | |
CVE-2018-6117 | 4.3 |
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
|
15-01-2019 - 20:57 | 09-01-2019 - 19:29 |