ALT-PU-2018-2599-1

BDU:2018-01336

HIGH8.8

Уязвимость компонента AppCache веб-браузера Chrome, позволяющая нарушителю выйти из изолированной среды и выполнить произвольный код

Published: 2018-11-13Modified: 2021-03-23

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2018-17462

BDU:2018-01337

HIGH8.8

Уязвимость обработчика JavaScript-сценариев V8 веб-браузера Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Published: 2018-11-13Modified: 2025-02-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2018-17463

BDU:2018-01338

HIGH7.3

Уязвимость компонента Omnibox веб-браузера Chrome, позволяющая нарушителю подменить адрес URI

Published: 2018-11-13Modified: 2021-03-23

CVSS 3.xHIGH 7.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

CVE-2018-17464

BDU:2018-01339

HIGH8.8

Уязвимость библиотеи angle веб-браузера Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2018-11-13Modified: 2021-03-23

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2018-17466

BDU:2018-01340

HIGH7.3

Уязвимость компонента Omnibox веб-браузера Chrome, позволяющая нарушителю подменить адрес URI

Published: 2018-11-13Modified: 2021-03-23

CVSS 3.xHIGH 7.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

CVE-2018-17467

BDU:2019-04356

HIGH8.8

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании

Published: 2019-12-03

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2018-17465

BDU:2019-04357

MEDIUM6.5

Уязвимость механизма отображения веб-страниц Blink браузера Google Chrome, позволяющая нарушителю получить URL-адреса перекрестного происхождения

Published: 2019-12-03

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N

References

CVE-2018-17468

BDU:2019-04358

HIGH8.8

Уязвимость обработчика PDF-содержимого PDFium браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2019-12-03

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2018-17469

BDU:2019-04359

HIGH7.4

Уязвимость реализации движка графического процессора браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-12-03

CVSS 3.xHIGH 7.4

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2018-17470

BDU:2019-04360

MEDIUM4.3

Уязвимость браузера Google Chrome, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю скрыть предупреждение о переходе в полноэкранный режим

Published: 2019-12-03

CVSS 3.xMEDIUM 4.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

References

CVE-2018-17471

BDU:2019-04361

MEDIUM4.3

Уязвимость браузера Google Chrome, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю осуществить подмену содержимого компонента Omnibox (URL)

Published: 2019-12-03

CVSS 3.xMEDIUM 4.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

References

CVE-2018-17473

BDU:2019-04378

HIGH8.8

Уязвимость функции HTMLImportsController механизма отображения веб-страниц Blink браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2019-12-03

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2018-17474

BDU:2019-04379

MEDIUM4.3

Уязвимость браузера Google Chrome, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю осуществить подмену содержимого компонента Omnibox (URL)

Published: 2019-12-03

CVSS 3.xMEDIUM 4.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

References

CVE-2018-17475

BDU:2019-04380

MEDIUM4.3

Уязвимость компонента Cast браузера Google Chrome, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю скрыть предупреждение о переходе в полноэкранный режим

Published: 2019-12-03

CVSS 3.xMEDIUM 4.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

References

CVE-2018-17476

BDU:2019-04381

MEDIUM4.3

Уязвимость браузера Google Chrome, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю осуществить подмену пользовательского интерфейса во вкладке «Расширения»

Published: 2019-12-03

CVSS 3.xMEDIUM 4.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

References

CVE-2018-17477

BDU:2019-04383

HIGH7.5

Уязвимость скрипта ServiceWorker браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2019-12-03

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N

References

CVE-2018-5179

CVE-2018-17462

CRITICAL9.6

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.

Published: 2018-11-14Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.6

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2018-17463

HIGH8.8

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Published: 2018-11-14Modified: 2025-10-24

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2018-17464

MEDIUM4.3

Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Published: 2018-11-14Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References

CVE-2018-17465

HIGH8.8

Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

Published: 2018-11-14Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2018-17466

HIGH8.8

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Published: 2018-11-14Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2018-17467

MEDIUM4.3

Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Published: 2018-11-14Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References

CVE-2018-17468

MEDIUM6.5

Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.

Published: 2018-11-14Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

CVE-2018-17469

HIGH8.8

Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

Published: 2018-11-14Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2018-17470

HIGH7.4

A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Published: 2019-01-09Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xHIGH 7.4

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

References

CVE-2018-17471

MEDIUM4.3

Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.

Published: 2018-11-14Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References

CVE-2018-17472

CRITICAL9.6

Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a crafted HTML page.</h3><div class="cve-card-meta"><span><strong>Published:</strong> 2018-11-14</span><span><strong>Modified:</strong> 2024-11-21</span></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 2.0</span><span class="cvss-tab sev-fg-medium">MEDIUM 6.8</span></div><code class="cvss-vector-text">CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P</code></div></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 3.x</span><span class="cvss-tab sev-fg-critical">CRITICAL 9.6</span></div><code class="cvss-vector-text">CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H</code></div></div><div class="cve-card-refs"><div class="cve-card-refs-h">References</div><ul><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="http://www.securityfocus.com/bid/105666" target="_blank" rel="noreferrer">http://www.securityfocus.com/bid/105666</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer">https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://crbug.com/822518" target="_blank" rel="noreferrer">https://crbug.com/822518</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://security.gentoo.org/glsa/201811-10" target="_blank" rel="noreferrer">https://security.gentoo.org/glsa/201811-10</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="http://www.securityfocus.com/bid/105666" target="_blank" rel="noreferrer">http://www.securityfocus.com/bid/105666</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer">https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://crbug.com/822518" target="_blank" rel="noreferrer">https://crbug.com/822518</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://security.gentoo.org/glsa/201811-10" target="_blank" rel="noreferrer">https://security.gentoo.org/glsa/201811-10</a></li></ul></div></div></article><article class="cve-card cve-card-medium" id="CVE-2018-17473" data-sev="MEDIUM"><div class="cve-card-rail sev-bg-medium"></div><div class="cve-card-body"><header class="cve-card-head"><div class="cve-card-id-row"><a class="cve-card-id" href="https://nvd.nist.gov/vuln/detail/CVE-2018-17473" target="_blank" rel="noreferrer">CVE-2018-17473</a><button type="button" class="copy-btn" data-copy="CVE-2018-17473" aria-label="Copy"><svg width="13" height="13" viewBox="0 0 16 16" aria-hidden="true"><rect x="5" y="5" width="9" height="9" rx="1.5" fill="none" stroke="currentColor" stroke-width="1.5"/><path d="M3 11V3.5A1.5 1.5 0 0 1 4.5 2H11" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/></svg><span>CVE-2018-17473</span></button><a class="cve-card-permalink" href="#CVE-2018-17473" aria-label="Permalink"><svg width="13" height="13" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/></svg></a></div><div class="cve-card-badges"><span class="sev-badge sev-md sev-badge-medium"><span class="sev-dot"></span><span class="sev-name">MEDIUM</span><span class="sev-score">4.3</span></span></div></header><h3 class="cve-card-title">Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.</h3><div class="cve-card-meta"><span><strong>Published:</strong> 2018-11-14</span><span><strong>Modified:</strong> 2024-11-21</span></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 2.0</span><span class="cvss-tab sev-fg-medium">MEDIUM 4.3</span></div><code class="cvss-vector-text">CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N</code></div></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 3.x</span><span class="cvss-tab sev-fg-medium">MEDIUM 4.3</span></div><code class="cvss-vector-text">CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N</code></div></div><div class="cve-card-refs"><div class="cve-card-refs-h">References</div><ul><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="http://www.securityfocus.com/bid/105666" target="_blank" rel="noreferrer">http://www.securityfocus.com/bid/105666</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://access.redhat.com/errata/RHSA-2018:3004" target="_blank" rel="noreferrer">https://access.redhat.com/errata/RHSA-2018:3004</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer">https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://crbug.com/882078" target="_blank" rel="noreferrer">https://crbug.com/882078</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://security.gentoo.org/glsa/201811-10" target="_blank" rel="noreferrer">https://security.gentoo.org/glsa/201811-10</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://www.debian.org/security/2018/dsa-4330" target="_blank" rel="noreferrer">https://www.debian.org/security/2018/dsa-4330</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="http://www.securityfocus.com/bid/105666" target="_blank" rel="noreferrer">http://www.securityfocus.com/bid/105666</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://access.redhat.com/errata/RHSA-2018:3004" target="_blank" rel="noreferrer">https://access.redhat.com/errata/RHSA-2018:3004</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer">https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://crbug.com/882078" target="_blank" rel="noreferrer">https://crbug.com/882078</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://security.gentoo.org/glsa/201811-10" target="_blank" rel="noreferrer">https://security.gentoo.org/glsa/201811-10</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://www.debian.org/security/2018/dsa-4330" target="_blank" rel="noreferrer">https://www.debian.org/security/2018/dsa-4330</a></li></ul></div></div></article><article class="cve-card cve-card-high" id="CVE-2018-17474" data-sev="HIGH"><div class="cve-card-rail sev-bg-high"></div><div class="cve-card-body"><header class="cve-card-head"><div class="cve-card-id-row"><a class="cve-card-id" href="https://nvd.nist.gov/vuln/detail/CVE-2018-17474" target="_blank" rel="noreferrer">CVE-2018-17474</a><button type="button" class="copy-btn" data-copy="CVE-2018-17474" aria-label="Copy"><svg width="13" height="13" viewBox="0 0 16 16" aria-hidden="true"><rect x="5" y="5" width="9" height="9" rx="1.5" fill="none" stroke="currentColor" stroke-width="1.5"/><path d="M3 11V3.5A1.5 1.5 0 0 1 4.5 2H11" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/></svg><span>CVE-2018-17474</span></button><a class="cve-card-permalink" href="#CVE-2018-17474" aria-label="Permalink"><svg width="13" height="13" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/></svg></a></div><div class="cve-card-badges"><span class="sev-badge sev-md sev-badge-high"><span class="sev-dot"></span><span class="sev-name">HIGH</span><span class="sev-score">8.8</span></span></div></header><h3 class="cve-card-title">Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</h3><div class="cve-card-meta"><span><strong>Published:</strong> 2018-11-14</span><span><strong>Modified:</strong> 2024-11-21</span></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 2.0</span><span class="cvss-tab sev-fg-medium">MEDIUM 6.8</span></div><code class="cvss-vector-text">CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P</code></div></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 3.x</span><span class="cvss-tab sev-fg-high">HIGH 8.8</span></div><code class="cvss-vector-text">CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</code></div></div><div class="cve-card-refs"><div class="cve-card-refs-h">References</div><ul><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="http://www.securityfocus.com/bid/105666" target="_blank" rel="noreferrer">http://www.securityfocus.com/bid/105666</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://access.redhat.com/errata/RHSA-2018:3004" target="_blank" rel="noreferrer">https://access.redhat.com/errata/RHSA-2018:3004</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer">https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://crbug.com/843151" target="_blank" rel="noreferrer">https://crbug.com/843151</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://security.gentoo.org/glsa/201811-10" target="_blank" rel="noreferrer">https://security.gentoo.org/glsa/201811-10</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://www.debian.org/security/2018/dsa-4330" target="_blank" rel="noreferrer">https://www.debian.org/security/2018/dsa-4330</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="http://www.securityfocus.com/bid/105666" target="_blank" rel="noreferrer">http://www.securityfocus.com/bid/105666</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://access.redhat.com/errata/RHSA-2018:3004" target="_blank" rel="noreferrer">https://access.redhat.com/errata/RHSA-2018:3004</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer">https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://crbug.com/843151" target="_blank" rel="noreferrer">https://crbug.com/843151</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://security.gentoo.org/glsa/201811-10" target="_blank" rel="noreferrer">https://security.gentoo.org/glsa/201811-10</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://www.debian.org/security/2018/dsa-4330" target="_blank" rel="noreferrer">https://www.debian.org/security/2018/dsa-4330</a></li></ul></div></div></article><article class="cve-card cve-card-medium" id="CVE-2018-17475" data-sev="MEDIUM"><div class="cve-card-rail sev-bg-medium"></div><div class="cve-card-body"><header class="cve-card-head"><div class="cve-card-id-row"><a class="cve-card-id" href="https://nvd.nist.gov/vuln/detail/CVE-2018-17475" target="_blank" rel="noreferrer">CVE-2018-17475</a><button type="button" class="copy-btn" data-copy="CVE-2018-17475" aria-label="Copy"><svg width="13" height="13" viewBox="0 0 16 16" aria-hidden="true"><rect x="5" y="5" width="9" height="9" rx="1.5" fill="none" stroke="currentColor" stroke-width="1.5"/><path d="M3 11V3.5A1.5 1.5 0 0 1 4.5 2H11" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/></svg><span>CVE-2018-17475</span></button><a class="cve-card-permalink" href="#CVE-2018-17475" aria-label="Permalink"><svg width="13" height="13" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/></svg></a></div><div class="cve-card-badges"><span class="sev-badge sev-md sev-badge-medium"><span class="sev-dot"></span><span class="sev-name">MEDIUM</span><span class="sev-score">4.3</span></span></div></header><h3 class="cve-card-title">Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.</h3><div class="cve-card-meta"><span><strong>Published:</strong> 2018-11-14</span><span><strong>Modified:</strong> 2024-11-21</span></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 2.0</span><span class="cvss-tab sev-fg-medium">MEDIUM 4.3</span></div><code class="cvss-vector-text">CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N</code></div></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 3.x</span><span class="cvss-tab sev-fg-medium">MEDIUM 4.3</span></div><code class="cvss-vector-text">CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N</code></div></div><div class="cve-card-refs"><div class="cve-card-refs-h">References</div><ul><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="http://www.securityfocus.com/bid/105666" target="_blank" rel="noreferrer">http://www.securityfocus.com/bid/105666</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://access.redhat.com/errata/RHSA-2018:3004" target="_blank" rel="noreferrer">https://access.redhat.com/errata/RHSA-2018:3004</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer">https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://crbug.com/852634" target="_blank" rel="noreferrer">https://crbug.com/852634</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://security.gentoo.org/glsa/201811-10" target="_blank" rel="noreferrer">https://security.gentoo.org/glsa/201811-10</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://www.debian.org/security/2018/dsa-4330" target="_blank" rel="noreferrer">https://www.debian.org/security/2018/dsa-4330</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="http://www.securityfocus.com/bid/105666" target="_blank" rel="noreferrer">http://www.securityfocus.com/bid/105666</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://access.redhat.com/errata/RHSA-2018:3004" target="_blank" rel="noreferrer">https://access.redhat.com/errata/RHSA-2018:3004</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer">https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://crbug.com/852634" target="_blank" rel="noreferrer">https://crbug.com/852634</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://security.gentoo.org/glsa/201811-10" target="_blank" rel="noreferrer">https://security.gentoo.org/glsa/201811-10</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://www.debian.org/security/2018/dsa-4330" target="_blank" rel="noreferrer">https://www.debian.org/security/2018/dsa-4330</a></li></ul></div></div></article><article class="cve-card cve-card-medium" id="CVE-2018-17476" data-sev="MEDIUM"><div class="cve-card-rail sev-bg-medium"></div><div class="cve-card-body"><header class="cve-card-head"><div class="cve-card-id-row"><a class="cve-card-id" href="https://nvd.nist.gov/vuln/detail/CVE-2018-17476" target="_blank" rel="noreferrer">CVE-2018-17476</a><button type="button" class="copy-btn" data-copy="CVE-2018-17476" aria-label="Copy"><svg width="13" height="13" viewBox="0 0 16 16" aria-hidden="true"><rect x="5" y="5" width="9" height="9" rx="1.5" fill="none" stroke="currentColor" stroke-width="1.5"/><path d="M3 11V3.5A1.5 1.5 0 0 1 4.5 2H11" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/></svg><span>CVE-2018-17476</span></button><a class="cve-card-permalink" href="#CVE-2018-17476" aria-label="Permalink"><svg width="13" height="13" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/></svg></a></div><div class="cve-card-badges"><span class="sev-badge sev-md sev-badge-medium"><span class="sev-dot"></span><span class="sev-name">MEDIUM</span><span class="sev-score">4.3</span></span></div></header><h3 class="cve-card-title">Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.</h3><div class="cve-card-meta"><span><strong>Published:</strong> 2018-11-14</span><span><strong>Modified:</strong> 2024-11-21</span></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 2.0</span><span class="cvss-tab sev-fg-medium">MEDIUM 4.3</span></div><code class="cvss-vector-text">CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N</code></div></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 3.x</span><span class="cvss-tab sev-fg-medium">MEDIUM 4.3</span></div><code class="cvss-vector-text">CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N</code></div></div><div class="cve-card-refs"><div class="cve-card-refs-h">References</div><ul><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="http://www.securityfocus.com/bid/105666" target="_blank" rel="noreferrer">http://www.securityfocus.com/bid/105666</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://access.redhat.com/errata/RHSA-2018:3004" target="_blank" rel="noreferrer">https://access.redhat.com/errata/RHSA-2018:3004</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer">https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://crbug.com/812769" target="_blank" rel="noreferrer">https://crbug.com/812769</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://security.gentoo.org/glsa/201811-10" target="_blank" rel="noreferrer">https://security.gentoo.org/glsa/201811-10</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://www.debian.org/security/2018/dsa-4330" target="_blank" rel="noreferrer">https://www.debian.org/security/2018/dsa-4330</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="http://www.securityfocus.com/bid/105666" target="_blank" rel="noreferrer">http://www.securityfocus.com/bid/105666</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://access.redhat.com/errata/RHSA-2018:3004" target="_blank" rel="noreferrer">https://access.redhat.com/errata/RHSA-2018:3004</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer">https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://crbug.com/812769" target="_blank" rel="noreferrer">https://crbug.com/812769</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://security.gentoo.org/glsa/201811-10" target="_blank" rel="noreferrer">https://security.gentoo.org/glsa/201811-10</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://www.debian.org/security/2018/dsa-4330" target="_blank" rel="noreferrer">https://www.debian.org/security/2018/dsa-4330</a></li></ul></div></div></article><article class="cve-card cve-card-medium" id="CVE-2018-17477" data-sev="MEDIUM"><div class="cve-card-rail sev-bg-medium"></div><div class="cve-card-body"><header class="cve-card-head"><div class="cve-card-id-row"><a class="cve-card-id" href="https://nvd.nist.gov/vuln/detail/CVE-2018-17477" target="_blank" rel="noreferrer">CVE-2018-17477</a><button type="button" class="copy-btn" data-copy="CVE-2018-17477" aria-label="Copy"><svg width="13" height="13" viewBox="0 0 16 16" aria-hidden="true"><rect x="5" y="5" width="9" height="9" rx="1.5" fill="none" stroke="currentColor" stroke-width="1.5"/><path d="M3 11V3.5A1.5 1.5 0 0 1 4.5 2H11" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/></svg><span>CVE-2018-17477</span></button><a class="cve-card-permalink" href="#CVE-2018-17477" aria-label="Permalink"><svg width="13" height="13" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/></svg></a></div><div class="cve-card-badges"><span class="sev-badge sev-md sev-badge-medium"><span class="sev-dot"></span><span class="sev-name">MEDIUM</span><span class="sev-score">4.3</span></span></div></header><h3 class="cve-card-title">Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.</h3><div class="cve-card-meta"><span><strong>Published:</strong> 2018-11-14</span><span><strong>Modified:</strong> 2024-11-21</span></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 2.0</span><span class="cvss-tab sev-fg-medium">MEDIUM 4.3</span></div><code class="cvss-vector-text">CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N</code></div></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 3.x</span><span class="cvss-tab sev-fg-medium">MEDIUM 4.3</span></div><code class="cvss-vector-text">CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N</code></div></div><div class="cve-card-refs"><div class="cve-card-refs-h">References</div><ul><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="http://www.securityfocus.com/bid/105666" target="_blank" rel="noreferrer">http://www.securityfocus.com/bid/105666</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://access.redhat.com/errata/RHSA-2018:3004" target="_blank" rel="noreferrer">https://access.redhat.com/errata/RHSA-2018:3004</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer">https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://crbug.com/863703" target="_blank" rel="noreferrer">https://crbug.com/863703</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://security.gentoo.org/glsa/201811-10" target="_blank" rel="noreferrer">https://security.gentoo.org/glsa/201811-10</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://www.debian.org/security/2018/dsa-4330" target="_blank" rel="noreferrer">https://www.debian.org/security/2018/dsa-4330</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="http://www.securityfocus.com/bid/105666" target="_blank" rel="noreferrer">http://www.securityfocus.com/bid/105666</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://access.redhat.com/errata/RHSA-2018:3004" target="_blank" rel="noreferrer">https://access.redhat.com/errata/RHSA-2018:3004</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer">https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://crbug.com/863703" target="_blank" rel="noreferrer">https://crbug.com/863703</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://security.gentoo.org/glsa/201811-10" target="_blank" rel="noreferrer">https://security.gentoo.org/glsa/201811-10</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://www.debian.org/security/2018/dsa-4330" target="_blank" rel="noreferrer">https://www.debian.org/security/2018/dsa-4330</a></li></ul></div></div></article><article class="cve-card cve-card-medium" id="CVE-2018-20071" data-sev="MEDIUM"><div class="cve-card-rail sev-bg-medium"></div><div class="cve-card-body"><header class="cve-card-head"><div class="cve-card-id-row"><a class="cve-card-id" href="https://nvd.nist.gov/vuln/detail/CVE-2018-20071" target="_blank" rel="noreferrer">CVE-2018-20071</a><button type="button" class="copy-btn" data-copy="CVE-2018-20071" aria-label="Copy"><svg width="13" height="13" viewBox="0 0 16 16" aria-hidden="true"><rect x="5" y="5" width="9" height="9" rx="1.5" fill="none" stroke="currentColor" stroke-width="1.5"/><path d="M3 11V3.5A1.5 1.5 0 0 1 4.5 2H11" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/></svg><span>CVE-2018-20071</span></button><a class="cve-card-permalink" href="#CVE-2018-20071" aria-label="Permalink"><svg width="13" height="13" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/></svg></a></div><div class="cve-card-badges"><span class="sev-badge sev-md sev-badge-medium"><span class="sev-dot"></span><span class="sev-name">MEDIUM</span><span class="sev-score">6.1</span></span></div></header><h3 class="cve-card-title">Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page.</h3><div class="cve-card-meta"><span><strong>Published:</strong> 2019-01-09</span><span><strong>Modified:</strong> 2024-11-21</span></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 2.0</span><span class="cvss-tab sev-fg-medium">MEDIUM 4.3</span></div><code class="cvss-vector-text">CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N</code></div></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 3.x</span><span class="cvss-tab sev-fg-medium">MEDIUM 6.1</span></div><code class="cvss-vector-text">CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</code></div></div><div class="cve-card-refs"><div class="cve-card-refs-h">References</div><ul><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer">https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://crbug.com/853937" target="_blank" rel="noreferrer">https://crbug.com/853937</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" target="_blank" rel="noreferrer">https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://crbug.com/853937" target="_blank" rel="noreferrer">https://crbug.com/853937</a></li></ul></div></div></article><article class="cve-card cve-card-high" id="CVE-2018-5179" data-sev="HIGH"><div class="cve-card-rail sev-bg-high"></div><div class="cve-card-body"><header class="cve-card-head"><div class="cve-card-id-row"><a class="cve-card-id" href="https://nvd.nist.gov/vuln/detail/CVE-2018-5179" target="_blank" rel="noreferrer">CVE-2018-5179</a><button type="button" class="copy-btn" data-copy="CVE-2018-5179" aria-label="Copy"><svg width="13" height="13" viewBox="0 0 16 16" aria-hidden="true"><rect x="5" y="5" width="9" height="9" rx="1.5" fill="none" stroke="currentColor" stroke-width="1.5"/><path d="M3 11V3.5A1.5 1.5 0 0 1 4.5 2H11" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/></svg><span>CVE-2018-5179</span></button><a class="cve-card-permalink" href="#CVE-2018-5179" aria-label="Permalink"><svg width="13" height="13" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round"/></svg></a></div><div class="cve-card-badges"><span class="sev-badge sev-md sev-badge-high"><span class="sev-dot"></span><span class="sev-name">HIGH</span><span class="sev-score">7.5</span></span></div></header><h3 class="cve-card-title">A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.</h3><div class="cve-card-meta"><span><strong>Published:</strong> 2019-04-26</span><span><strong>Modified:</strong> 2024-11-21</span></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 2.0</span><span class="cvss-tab sev-fg-medium">MEDIUM 5.0</span></div><code class="cvss-vector-text">CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N</code></div></div><div class="cve-card-cvss"><div class="cve-card-cvss-head"><div class="cvss-tabs"><span class="cvss-tab is-on">CVSS 3.x</span><span class="cvss-tab sev-fg-high">HIGH 7.5</span></div><code class="cvss-vector-text">CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</code></div></div><div class="cve-card-refs"><div class="cve-card-refs-h">References</div><ul><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/" target="_blank" rel="noreferrer">https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/</a></li><li><svg width="11" height="11" viewBox="0 0 16 16" aria-hidden="true"><path d="M7 9.5l-2 2a2.5 2.5 0 1 1-3.5-3.5l2-2M9 6.5l2-2a2.5 2.5 0 1 1 3.5 3.5l-2 2M5.5 10.5l5-5" fill="none" stroke="currentColor" stroke-width="1.4" stroke-linecap="round"/></svg><a href="https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/" target="_blank" rel="noreferrer">https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/</a></li></ul></div></div></article></div></div></div></section><footer class="footer"><div class="footer-inner"><div class="footer-col"><span class="alt-logo"><img class="alt-logo-img" src="/static/main/image/altlinux-logo.svg" alt="ALT Linux Team" height="40"></span><p class="footer-text">errata.altlinux.org is an open source of errata bulletins for ALT Linux packages — security fixes, bugs and regressions. The site is statically generated.</p></div><div class="footer-col"><div class="footer-h">Links</div><a href="https://packages.altlinux.org" target="_blank" rel="noreferrer">packages.altlinux.org</a><a href="https://git.altlinux.org" target="_blank" rel="noreferrer">git.altlinux.org</a><a href="https://bugzilla.altlinux.org" target="_blank" rel="noreferrer">bugzilla.altlinux.org</a><a href="https://www.altlinux.org" target="_blank" rel="noreferrer">www.altlinux.org</a></div><div class="footer-col"><div class="footer-h">Community</div><a href="https://forum.altlinux.org/" target="_blank" rel="noreferrer">Forum</a><a href="https://altlinux.space/explore/repos" target="_blank" rel="noreferrer">git (altlinux.space)</a><a href="https://teleg.one/alt_linux" target="_blank" rel="noreferrer">Telegram</a><a href="https://vk.com/altlinux" target="_blank" rel="noreferrer">VKontakte</a></div><div class="footer-col"><div class="footer-h">About</div><a href="https://rdb.altlinux.org/api/errata/ids" target="_blank" rel="noreferrer">JSON API</a><a href="https://altlinux.space/ALTLinux/errata-genpages" target="_blank" rel="noreferrer">Source code</a></div></div><div class="footer-bottom"><span>© 2026 ALT Linux Team. Licensed under GNU AGPL v3.</span><span class="footer-meta">v2.2.0 · static site</span></div></footer></div></body></html>

Package update chromium in branch sisyphus

Closed issues (34)

Уязвимость компонента AppCache веб-браузера Chrome, позволяющая нарушителю выйти из изолированной среды и выполнить произвольный код

Уязвимость обработчика JavaScript-сценариев V8 веб-браузера Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Уязвимость компонента Omnibox веб-браузера Chrome, позволяющая нарушителю подменить адрес URI

Уязвимость библиотеи angle веб-браузера Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Omnibox веб-браузера Chrome, позволяющая нарушителю подменить адрес URI

Уязвимость механизма отображения веб-страниц Blink браузера Google Chrome, позволяющая нарушителю получить URL-адреса перекрестного происхождения

Уязвимость обработчика PDF-содержимого PDFium браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость реализации движка графического процессора браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость браузера Google Chrome, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю осуществить подмену содержимого компонента Omnibox (URL)

Уязвимость функции HTMLImportsController механизма отображения веб-страниц Blink браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость браузера Google Chrome, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю осуществить подмену содержимого компонента Omnibox (URL)

Уязвимость скрипта ServiceWorker браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.

Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.