Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux_server
(Redhat)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-01-09 | CVE-2018-6123 | A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Debian_linux, Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2019-01-09 | CVE-2018-6097 | Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. | Debian_linux, Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2019-01-09 | CVE-2018-6100 | Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | Debian_linux, Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2019-01-09 | CVE-2018-6106 | An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page. | Debian_linux, Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 | ||
| 2019-01-09 | CVE-2018-6109 | readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page. | Debian_linux, Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2019-01-09 | CVE-2018-6110 | Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page. | Debian_linux, Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 5.4 | ||
| 2019-01-09 | CVE-2018-6111 | An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page. | Debian_linux, Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 8.8 | ||
| 2019-01-09 | CVE-2018-6112 | Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | Debian_linux, Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 4.3 | ||
| 2019-01-09 | CVE-2018-6113 | Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | Debian_linux, Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 | ||
| 2019-01-09 | CVE-2018-6114 | Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page. | Debian_linux, Chrome, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 6.5 |