Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2018-AVI-054
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Google Chrome. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 64.0.3282.119",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-6054",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6054"
},
{
"name": "CVE-2018-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6052"
},
{
"name": "CVE-2018-6050",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6050"
},
{
"name": "CVE-2018-6039",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6039"
},
{
"name": "CVE-2017-15420",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15420"
},
{
"name": "CVE-2018-6036",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6036"
},
{
"name": "CVE-2018-6047",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6047"
},
{
"name": "CVE-2018-6053",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6053"
},
{
"name": "CVE-2018-6033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6033"
},
{
"name": "CVE-2018-6048",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6048"
},
{
"name": "CVE-2018-6038",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6038"
},
{
"name": "CVE-2018-6041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6041"
},
{
"name": "CVE-2018-6046",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6046"
},
{
"name": "CVE-2018-6042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6042"
},
{
"name": "CVE-2018-6037",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6037"
},
{
"name": "CVE-2018-6049",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6049"
},
{
"name": "CVE-2018-6031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6031"
},
{
"name": "CVE-2018-6035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6035"
},
{
"name": "CVE-2018-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6051"
},
{
"name": "CVE-2018-6040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6040"
},
{
"name": "CVE-2018-6034",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6034"
},
{
"name": "CVE-2018-6032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6032"
},
{
"name": "CVE-2018-6045",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6045"
},
{
"name": "CVE-2018-6043",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6043"
}
],
"initial_release_date": "2018-01-25T00:00:00",
"last_revision_date": "2018-01-25T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-054",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-01-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Google Chrome. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 24 janvier 2018",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed:+GoogleChromeReleases+(Google+Chrome+Releases)"
}
]
}
CVE-2018-6051 (GCVE-0-2018-6051)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/441275"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/441275"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "https://crbug.com/441275",
"refsource": "CONFIRM",
"url": "https://crbug.com/441275"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6051",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15420 (GCVE-0-2017-15420)
Vulnerability from cvelistv5
Published
2018-08-28 19:00
Modified
2024-08-05 19:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:25.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/777419"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2017:3401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3401"
},
{
"name": "GLSA-201801-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201801-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
},
{
"name": "DSA-4064",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4064"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "63.0.3239.84",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T18:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/777419"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2017:3401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3401"
},
{
"name": "GLSA-201801-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201801-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
},
{
"name": "DSA-4064",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4064"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-15420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "63.0.3239.84"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/777419",
"refsource": "MISC",
"url": "https://crbug.com/777419"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2017:3401",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3401"
},
{
"name": "GLSA-201801-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-03"
},
{
"name": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
},
{
"name": "DSA-4064",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4064"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2017-15420",
"datePublished": "2018-08-28T19:00:00",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-08-05T19:57:25.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6053 (GCVE-0-2018-6053)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/758169"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/758169"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "https://crbug.com/758169",
"refsource": "CONFIRM",
"url": "https://crbug.com/758169"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6053",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6042 (GCVE-0-2018-6042)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect security UI
Summary
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/773930"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/773930"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "https://crbug.com/773930",
"refsource": "CONFIRM",
"url": "https://crbug.com/773930"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6042",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6046 (GCVE-0-2018-6046)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient data validation
Summary
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/798163"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient data validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/798163"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient data validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"name": "https://crbug.com/798163",
"refsource": "CONFIRM",
"url": "https://crbug.com/798163"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6046",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6032 (GCVE-0-2018-6032)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient policy enforcement
Summary
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/787103"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/787103"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"name": "https://crbug.com/787103",
"refsource": "CONFIRM",
"url": "https://crbug.com/787103"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6032",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6052 (GCVE-0-2018-6052)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/615608"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/615608"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "https://crbug.com/615608",
"refsource": "CONFIRM",
"url": "https://crbug.com/615608"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6052",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6040 (GCVE-0-2018-6040)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient policy enforcement
Summary
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:51.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/778658"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/778658"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "https://crbug.com/778658",
"refsource": "CONFIRM",
"url": "https://crbug.com/778658"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6040",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:51.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6049 (GCVE-0-2018-6049)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect security UI
Summary
Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/774438"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/774438"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"name": "https://crbug.com/774438",
"refsource": "CONFIRM",
"url": "https://crbug.com/774438"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6049",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6036 (GCVE-0-2018-6036)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient data validation
Summary
Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:51.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/789952"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient data validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/789952"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient data validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "https://crbug.com/789952",
"refsource": "CONFIRM",
"url": "https://crbug.com/789952"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6036",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:51.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6043 (GCVE-0-2018-6043)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient data validation
Summary
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:53.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/785809"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient data validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/785809"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient data validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"name": "https://crbug.com/785809",
"refsource": "CONFIRM",
"url": "https://crbug.com/785809"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6043",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:53.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6047 (GCVE-0-2018-6047)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient policy enforcement
Summary
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/799847"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/799847"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "https://crbug.com/799847",
"refsource": "CONFIRM",
"url": "https://crbug.com/799847"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6047",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6038 (GCVE-0-2018-6038)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Heap buffer overflow
Summary
Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/774174"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/774174"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "https://crbug.com/774174",
"refsource": "CONFIRM",
"url": "https://crbug.com/774174"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6038",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6037 (GCVE-0-2018-6037)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:51.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/753645"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/753645"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "https://crbug.com/753645",
"refsource": "CONFIRM",
"url": "https://crbug.com/753645"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6037",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:51.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6050 (GCVE-0-2018-6050)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect security UI
Summary
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/774842"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/774842"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "https://crbug.com/774842",
"refsource": "CONFIRM",
"url": "https://crbug.com/774842"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6050",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6034 (GCVE-0-2018-6034)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient data validation
Summary
Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:51.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/784183"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient data validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/784183"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient data validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "https://crbug.com/784183",
"refsource": "CONFIRM",
"url": "https://crbug.com/784183"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6034",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:51.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6041 (GCVE-0-2018-6041)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect security UI
Summary
Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/760342"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/760342"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"name": "https://crbug.com/760342",
"refsource": "CONFIRM",
"url": "https://crbug.com/760342"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6041",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6048 (GCVE-0-2018-6048)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient policy enforcement
Summary
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:53.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/763194"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/763194"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "https://crbug.com/763194",
"refsource": "CONFIRM",
"url": "https://crbug.com/763194"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6048",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:53.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6045 (GCVE-0-2018-6045)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/797497"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/797497"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "https://crbug.com/797497",
"refsource": "CONFIRM",
"url": "https://crbug.com/797497"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6045",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6039 (GCVE-0-2018-6039)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient data validation
Summary
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/775527"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient data validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/775527"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient data validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"name": "https://crbug.com/775527",
"refsource": "CONFIRM",
"url": "https://crbug.com/775527"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6039",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6054 (GCVE-0-2018-6054)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use after free
Summary
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/797511"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/797511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"name": "https://crbug.com/797511",
"refsource": "CONFIRM",
"url": "https://crbug.com/797511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6054",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6031 (GCVE-0-2018-6031)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use after free
Summary
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/780450"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/780450"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "https://crbug.com/780450",
"refsource": "CONFIRM",
"url": "https://crbug.com/780450"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6031",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6033 (GCVE-0-2018-6033)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient data validation
Summary
Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/793620"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient data validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/793620"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient data validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "https://crbug.com/793620",
"refsource": "CONFIRM",
"url": "https://crbug.com/793620"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6033",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6035 (GCVE-0-2018-6035)
Vulnerability from cvelistv5
Published
2018-09-25 14:00
Modified
2024-08-05 05:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient policy enforcement
Summary
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:52.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://crbug.com/797500"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "64.0.3282.119",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-26T09:57:01",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://crbug.com/797500"
},
{
"name": "DSA-4103",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "https://crbug.com/797500",
"refsource": "CONFIRM",
"url": "https://crbug.com/797500"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2018-6035",
"datePublished": "2018-09-25T14:00:00",
"dateReserved": "2018-01-23T00:00:00",
"dateUpdated": "2024-08-05T05:54:52.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…