CVE-2018-18355
- EPSS 1.15%
- Veröffentlicht 11.12.2018 16:29:01
- Zuletzt bearbeitet 21.11.2024 03:55:46
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2018-18356
- EPSS 3.13%
- Veröffentlicht 11.12.2018 16:29:01
- Zuletzt bearbeitet 21.11.2024 03:55:46
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-17480
- EPSS 34.29%
- Veröffentlicht 11.12.2018 16:29:00
- Zuletzt bearbeitet 24.10.2025 14:11:02
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2018-17481
- EPSS 1.61%
- Veröffentlicht 11.12.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:54:30
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2018-18335
- EPSS 3.72%
- Veröffentlicht 11.12.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:44
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-18336
- EPSS 1.53%
- Veröffentlicht 11.12.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:44
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2018-18337
- EPSS 1.68%
- Veröffentlicht 11.12.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:44
Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-18338
- EPSS 1.42%
- Veröffentlicht 11.12.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:44
Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-18339
- EPSS 1.42%
- Veröffentlicht 11.12.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:55:44
Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-20004
- EPSS 2.03%
- Veröffentlicht 10.12.2018 06:29:00
- Zuletzt bearbeitet 21.11.2024 04:00:43
An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by test...