| Max CVSS | 6.8 | Min CVSS | 2.9 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-6156 | 6.8 |
Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
|
27-02-2023 - 16:42 | 27-06-2019 - 17:15 | |
| CVE-2018-6155 | 4.3 |
Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
|
24-08-2020 - 17:37 | 27-06-2019 - 17:15 | |
| CVE-2018-6154 | 6.8 |
Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
24-08-2020 - 17:37 | 27-06-2019 - 17:15 | |
| CVE-2018-6157 | 6.8 |
Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
|
01-07-2019 - 19:21 | 27-06-2019 - 17:15 | |
| CVE-2018-6159 | 4.3 |
Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
|
01-07-2019 - 19:15 | 27-06-2019 - 17:15 | |
| CVE-2018-6171 | 2.9 |
Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
|
01-07-2019 - 18:58 | 27-06-2019 - 17:15 | |
| CVE-2018-16064 | 4.3 |
Insufficient data validation in Extensions API in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
|
28-06-2019 - 16:49 | 27-06-2019 - 17:15 | |
| CVE-2018-17460 | 4.3 |
Insufficient data validation in filesystem URIs in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
|
28-06-2019 - 16:27 | 27-06-2019 - 17:15 | |
| CVE-2018-6168 | 4.3 |
Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
|
28-06-2019 - 15:36 | 27-06-2019 - 17:15 | |
| CVE-2018-6161 | 6.8 |
Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
|
28-06-2019 - 15:36 | 27-06-2019 - 17:15 | |
| CVE-2018-6176 | 4.6 |
Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension.
|
28-06-2019 - 15:36 | 27-06-2019 - 17:15 | |
| CVE-2018-6177 | 4.3 |
Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
|
28-06-2019 - 15:35 | 27-06-2019 - 17:15 |