Google: >> Chrome Os Security Vulnerabilities
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVSS Score
8.8
EPSS Score
0.452
Published
2018-05-19
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVSS Score
9.8
EPSS Score
0.249
Published
2018-05-19
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVSS Score
8.8
EPSS Score
0.015
Published
2018-05-19
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVSS Score
8.8
EPSS Score
0.041
Published
2018-05-19
Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.
CVSS Score
9.8
EPSS Score
0.032
Published
2018-03-07
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position.
CVSS Score
7.4
EPSS Score
0.003
Published
2018-02-07
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.
CVSS Score
7.8
EPSS Score
0.004
Published
2018-02-07
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.05
Published
2018-02-06
CVE-2018-4878
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
Known exploited
CVSS Score
9.8
EPSS Score
0.931
Published
2018-02-06
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
CVSS Score
7.5
EPSS Score
0.028
Published
2018-01-09