Shodan
Vulnerabilities
Vulnerable Software
Google:  >> Chrome  >> 10.0.648.66  Security Vulnerabilities
CVE-2018-6109
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.008
Published
2019-01-09
CVE-2018-6110
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page.
CVSS Score
5.4
EPSS Score
0.01
Published
2019-01-09
CVE-2018-6111
An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.008
Published
2019-01-09
CVE-2018-6112
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVSS Score
4.3
EPSS Score
0.013
Published
2019-01-09
CVE-2018-6113
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.01
Published
2019-01-09
CVE-2018-6114
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.007
Published
2019-01-09
CVE-2018-6106
An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.014
Published
2019-01-09
CVE-2018-6096
A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.01
Published
2019-01-09
CVE-2018-6097
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.01
Published
2019-01-09
CVE-2018-6100
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSS Score
6.5
EPSS Score
0.01
Published
2019-01-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved