CVE-2017-15389
- EPSS 1.36%
- Veröffentlicht 07.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:37
An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2017-15390
- EPSS 1.26%
- Veröffentlicht 07.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:37
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
CVE-2017-15391
- EPSS 1.36%
- Veröffentlicht 07.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:37
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.
CVE-2017-15392
- EPSS 0.84%
- Veröffentlicht 07.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:37
Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.
CVE-2017-15393
- EPSS 1.41%
- Veröffentlicht 07.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:37
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.
CVE-2017-15394
- EPSS 1.92%
- Veröffentlicht 07.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:37
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.
CVE-2017-15395
- EPSS 1.29%
- Veröffentlicht 07.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:37
A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.
CVE-2017-5124
- EPSS 5.25%
- Veröffentlicht 07.02.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 03:27:06
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
CVE-2015-1290
- EPSS 3.3%
- Veröffentlicht 09.01.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 02:25:05
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
CVE-2017-1000460
- EPSS 0.49%
- Veröffentlicht 03.01.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:04:46
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exceptio...