Google

Chrome

3866 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2017-5083

  • EPSS 0.67%
  • Veröffentlicht 27.10.2017 05:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.

6.5

CVE-2017-5086

  • EPSS 0.67%
  • Veröffentlicht 27.10.2017 05:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

8.8

CVE-2017-5087

  • EPSS 0.86%
  • Veröffentlicht 27.10.2017 05:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape.

8.8

CVE-2017-5088

  • EPSS 0.86%
  • Veröffentlicht 27.10.2017 05:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

6.5

CVE-2017-5089

  • EPSS 0.67%
  • Veröffentlicht 27.10.2017 05:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.

6.5

CVE-2017-5090

  • EPSS 0.16%
  • Veröffentlicht 27.10.2017 05:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.115 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name containing a U+0620 character, aka Apple rdar problem 32458012.

8.8

CVE-2017-5091

  • EPSS 1.1%
  • Veröffentlicht 27.10.2017 05:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

8.8

CVE-2017-5092

  • EPSS 1.48%
  • Veröffentlicht 27.10.2017 05:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

6.5

CVE-2017-5093

  • EPSS 1.16%
  • Veröffentlicht 27.10.2017 05:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.

6.5

CVE-2017-5094

  • EPSS 0.99%
  • Veröffentlicht 27.10.2017 05:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page.