Google: >> Chrome >> 10.0.648.66 Security Vulnerabilities
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVSS Score
8.8
EPSS Score
0.016
Published
2018-12-11
Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.028
Published
2018-12-11
Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.016
Published
2018-12-11
Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.014
Published
2018-12-11
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction.
CVSS Score
9.6
EPSS Score
0.009
Published
2018-12-04
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.024
Published
2018-12-04
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.017
Published
2018-12-04
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
CVSS Score
8.8
EPSS Score
0.024
Published
2018-12-04
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.009
Published
2018-12-04
An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.019
Published
2018-12-04