CVE search results

31 – 40 of 878 results

Detailed view

Sort by:

CVE-2018-16075

Medium priority

Some fixes available 3 of 4

Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page.

2 affected packages

chromium-browser, oxide-qt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	—	—	—	Fixed	Fixed
oxide-qt	—	—	—	Not in release	Ignored

CVE-2018-16074

Medium priority

Some fixes available 3 of 4

Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.

2 affected packages

chromium-browser, oxide-qt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	—	—	—	Fixed	Fixed
oxide-qt	—	—	—	Not in release	Ignored

CVE-2018-16073

Medium priority

Some fixes available 3 of 4

Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.

2 affected packages

chromium-browser, oxide-qt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	—	—	—	Fixed	Fixed
oxide-qt	—	—	—	Not in release	Ignored

CVE-2018-16070

Medium priority

Some fixes available 3 of 4

Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2 affected packages

chromium-browser, oxide-qt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	—	—	—	Fixed	Fixed
oxide-qt	—	—	—	Not in release	Ignored

CVE-2018-16069

Medium priority

Some fixes available 3 of 4

Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

2 affected packages

chromium-browser, oxide-qt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	—	—	—	Fixed	Fixed
oxide-qt	—	—	—	Not in release	Ignored

CVE-2018-5179

Medium priority

Some fixes available 3 of 4

A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.

2 affected packages

chromium-browser, oxide-qt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	—	—	—	Fixed	Fixed
oxide-qt	—	—	—	Not in release	Ignored

In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212.

3 affected packages

chromium-browser, oxide-qt, qtwebengine-opensource-src

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	Not affected	Not affected	Not affected	Not affected	Not affected
oxide-qt	Not in release	Not in release	Not in release	Not in release	Vulnerable
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release

CVE-2018-6179

Low priority

Some fixes available 3 of 4

Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local...

2 affected packages

chromium-browser, oxide-qt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	—	—	—	Fixed	Fixed
oxide-qt	—	—	—	Not in release	Ignored

CVE-2018-6178

Low priority

Some fixes available 3 of 4

Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension.

2 affected packages

chromium-browser, oxide-qt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	—	—	—	Fixed	Fixed
oxide-qt	—	—	—	Not in release	Ignored

CVE-2018-6175

Low priority

Some fixes available 3 of 4

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

2 affected packages

chromium-browser, oxide-qt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
chromium-browser	—	—	—	Fixed	Fixed
oxide-qt	—	—	—	Not in release	Ignored

Export to JSON

Results by page:

Search CVE reports

CVE-2018-16075

CVE-2018-16074

CVE-2018-16073

CVE-2018-16070

CVE-2018-16069

CVE-2018-5179

CVE-2019-9746

CVE-2018-6179

CVE-2018-6178

CVE-2018-6175