Risk | High |
Patch available | YES |
Number of vulnerabilities | 58 |
CVE-ID | CVE-2018-6056 CVE-2018-6057 CVE-2018-6060 CVE-2018-6061 CVE-2018-6062 CVE-2018-6063 CVE-2018-6064 CVE-2018-6065 CVE-2018-6066 CVE-2018-6067 CVE-2018-6068 CVE-2018-6069 CVE-2018-6070 CVE-2018-6071 CVE-2018-6072 CVE-2018-6073 CVE-2018-6074 CVE-2018-6075 CVE-2018-6076 CVE-2018-6077 CVE-2018-6078 CVE-2018-6079 CVE-2018-6080 CVE-2018-6081 CVE-2018-6082 CVE-2018-6083 CVE-2018-6085 CVE-2018-6086 CVE-2018-6087 CVE-2018-6088 CVE-2018-6089 CVE-2018-6090 CVE-2018-6091 CVE-2018-6092 CVE-2018-6093 CVE-2018-6094 CVE-2018-6095 CVE-2018-6096 CVE-2018-6097 CVE-2018-6098 CVE-2018-6099 CVE-2018-6100 CVE-2018-6101 CVE-2018-6102 CVE-2018-6103 CVE-2018-6104 CVE-2018-6105 CVE-2018-6106 CVE-2018-6107 CVE-2018-6108 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111 CVE-2018-6112 CVE-2018-6113 CVE-2018-6114 CVE-2018-6116 CVE-2018-6117 |
CWE-ID | CWE-20 CWE-119 CWE-416 CWE-362 CWE-122 CWE-843 CWE-190 CWE-120 CWE-404 CWE-121 CWE-284 CWE-264 CWE-19 CWE-385 CWE-451 CWE-200 CWE-79 |
Exploitation vector | Network |
Public exploit | Vulnerability #8 is being exploited in the wild. |
Vulnerable software | Debian Linux (Operating systems & Components / Operating system) |
Vendor | Debian |
Security Bulletin
This security bulletin contains information about 58 vulnerabilities.
EUVDB-ID: #VU10596
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-6056
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to incorrect derived class instantiation in V8. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11564
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-6057
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to incorrect permissions on shared memory. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11558
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-6060
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error in Blink. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11560
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-6061
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a race condition in V8. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11561
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-6062
CWE-ID: CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a heap-based buffer overflow in Skia. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11565
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-6063
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to incorrect permissions on shared memory. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11543
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-6064
CWE-ID: CWE-843 - Type confusion
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion in V8. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11562
Risk: High
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2018-6065
CWE-ID: CWE-190 - Integer overflow
Exploit availability: Yes
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an integer overflow. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU11563
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6066
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a same-origin bypass via canvas. A remote attacker can trick the victim into visiting a specially crafted website and bypass security restrictions.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11566
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-6067
CWE-ID: CWE-120 - Buffer overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in Skia due to a buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11567
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-6068
CWE-ID: CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
Description: The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to object lifetime issues. A remote attacker can cause the service to crash.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11568
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-6069
CWE-ID: CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in Skia due to a stack-based buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11569
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6070
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a CSP bypass through extensions. A remote attacker can bypass security restrictions.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11570
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-6071
CWE-ID: CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in Skia due to a heap-based buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11571
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-6072
CWE-ID: CWE-190 - Integer overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in PDFium due to an integer overflow. A remote attacker can trigger a buffer overflow and cause the service to crash.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11573
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-6073
CWE-ID: CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in WebGL due to a heap-based buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11574
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6074
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a Mark-of-the-Web bypass. A remote attacker can bypass security restrictions.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11576
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6075
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to overly permissive cross-origin downloads. A remote attacker can bypass security restrictions.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11578
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-6076
CWE-ID: CWE-19 - Data Handling
Exploit availability: No
Description: The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in Blink due to incorrect handling of URL fragment identifiers. A remote attacker can cause the service to crash.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11581
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6077
CWE-ID: CWE-385 - Covert Timing Channel
Exploit availability: No
Description: The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in SVG filters due to a covert timing channel. A remote attacker can gain access to potentially sensitive information.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11582
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6078
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description: The vulnerability allows a remote attacker to conduct a spoofing attack on the target system.
The weakness exists in OmniBox due to a URL spoof. A remote attacker can perform a spoofing attack and obtain arbitrary data.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11583
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6079
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in WebGL due to improper information control via texture data. A remote attacker can gain access to potentially sensitive information.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11584
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6080
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in an IPC call due to improper information control. A remote attacker can gain access to potentially sensitive information.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11585
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6081
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The weakness exists in interstitials due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11586
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6082
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to circumvention of port blocking. A remote attacker can bypass security restrictions.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11587
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6083
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to incorrect processing of AppManifests. A remote attacker can bypass security restrictions.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11956
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-6085
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free in Disk Cache. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11961
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-6086
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free in Disk Cache. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11962
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-6087
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free in WebAssembly. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11963
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-6088
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free in PDFium. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions: Debian Linux: All versions
External links: https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11968
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6089
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error in Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11967
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-6090
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a heap-based buffer overflow in Skia. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11975
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6091
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect handling of plug-ins by Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass same-origin policy restrictions and gain unauthorized access to the system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11970
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-6092
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in WebAssembly. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11974
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6093
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error in Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass same-origin restrictions and gain unauthorized access to the system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11973
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6094
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an exploit hardening regression in Oilpan. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11972
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6095
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the lack of a meaningful user interaction requirement before file upload. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11997
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6096
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an unspecified error. A remote attacker can trick the victim into visiting a specially crafted website and spoof the Fullscreen UI.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11996
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6097
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an unspecified error. A remote attacker can trick the victim into visiting a specially crafted website and spoof the Fullscreen UI.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11995
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6098
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11977
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6099
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error in Service Worker. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass CORS and gain unauthorized access to the system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12005
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6100
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11981
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6101
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to insufficient protection of the remote debugging protocol in DevTools. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12004
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6102
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12003
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6103
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error in Permissions. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12002
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6104
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12001
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6105
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11982
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6106
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect handling of promises in V8. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12000
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6107
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11999
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6108
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error in OmniBox. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11983
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6109
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect handling of files by FileAPI. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11984
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6110
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect handling of plaintext files via file://. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11992
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6111
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists due to a heap-use-after-free error in DevTools. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause the service.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11985
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6112
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect URL handling in DevTools. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11998
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6113
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error in Navigation. A remote attacker can trick the victim into visiting a specially crafted website and conduct URL spoofing attacks.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11986
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6114
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an unspecified flaw. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass CSP and gain unauthorized access to the system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11989
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6116
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the incorrect low memory handling in WebAssembly. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11990
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-6117
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to an error related to confusing autofill settings. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, bypass security restrictions and gain unauthorized access to the system.
Mitigation
Update the affected package to version: 66.0.3359.117-1~deb9u1
Vulnerable software versions
Debian Linux: All versions
External links
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.