admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-11-14 10:06:44 -05:00
parent 63e0a2e819
commit 47bb6d8dd1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
42 changed files with 2644 additions and 2442 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
2018/17xxx/CVE-2018-17462.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17462",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17462",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/888926"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/888926",
"refsource" : "MISC",
"url" : "https://crbug.com/888926"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/17xxx/CVE-2018-17463.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17463",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17463",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/888923"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/888923",
"refsource" : "MISC",
"url" : "https://crbug.com/888923"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/17xxx/CVE-2018-17464.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17464",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17464",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/887273"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/887273",
"refsource" : "MISC",
"url" : "https://crbug.com/887273"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/17xxx/CVE-2018-17465.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17465",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17465",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Uninitialized Use"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uninitialized Use"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/870226"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/870226",
"refsource" : "MISC",
"url" : "https://crbug.com/870226"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/17xxx/CVE-2018-17466.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17466",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out of bounds read"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/880906"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/880906",
"refsource" : "MISC",
"url" : "https://crbug.com/880906"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/17xxx/CVE-2018-17467.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17467",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17467",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/844881"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/844881",
"refsource" : "MISC",
"url" : "https://crbug.com/844881"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/17xxx/CVE-2018-17468.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17468",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17468",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/876822"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/876822",
"refsource" : "MISC",
"url" : "https://crbug.com/876822"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/17xxx/CVE-2018-17469.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17469",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17469",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap buffer overflow"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/880675"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/880675",
"refsource" : "MISC",
"url" : "https://crbug.com/880675"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/17xxx/CVE-2018-17471.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17471",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17471",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/873080"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/873080",
"refsource" : "MISC",
"url" : "https://crbug.com/873080"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/17xxx/CVE-2018-17472.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17472",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17472",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/822518"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/822518",
"refsource" : "MISC",
"url" : "https://crbug.com/822518"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/17xxx/CVE-2018-17473.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17473",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/882078"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/882078",
"refsource" : "MISC",
"url" : "https://crbug.com/882078"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/17xxx/CVE-2018-17474.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17474",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17474",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/843151"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/843151",
"refsource" : "MISC",
"url" : "https://crbug.com/843151"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/17xxx/CVE-2018-17475.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17475",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17475",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/852634"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/852634",
"refsource" : "MISC",
"url" : "https://crbug.com/852634"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/17xxx/CVE-2018-17476.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17476",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17476",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/812769"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/812769",
"refsource" : "MISC",
"url" : "https://crbug.com/812769"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/17xxx/CVE-2018-17477.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17477",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": " 70.0.3538.67",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17477",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/863703"
},
{
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/863703",
"refsource" : "MISC",
"url" : "https://crbug.com/863703"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6057.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6057",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6057",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/789959"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/789959",
"refsource" : "MISC",
"url" : "https://crbug.com/789959"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6060.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6060",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/780919"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/780919",
"refsource" : "MISC",
"url" : "https://crbug.com/780919"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6061.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6061",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6061",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Race"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Race"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/794091"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/794091",
"refsource" : "MISC",
"url" : "https://crbug.com/794091"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6062.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6062",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6062",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer overflow"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/780104"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/780104",
"refsource" : "MISC",
"url" : "https://crbug.com/780104"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6063.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6063",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6063",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/792900"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/792900",
"refsource" : "MISC",
"url" : "https://crbug.com/792900"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6064.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6064",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6064",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Type Confusion"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type Confusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/798644"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/798644",
"refsource" : "MISC",
"url" : "https://crbug.com/798644"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6065.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6065",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6065",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer overflow"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/808192"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/808192",
"refsource" : "MISC",
"url" : "https://crbug.com/808192"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6066.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6066",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/799477"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/799477",
"refsource" : "MISC",
"url" : "https://crbug.com/799477"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6067.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6067",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap buffer overflow"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/779428"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/779428",
"refsource" : "MISC",
"url" : "https://crbug.com/779428"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6068.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6068",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Object lifecycle issue"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Object lifecycle issue"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/798933"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/798933",
"refsource" : "MISC",
"url" : "https://crbug.com/798933"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6069.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6069",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stack buffer overflow"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/799918"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/799918",
"refsource" : "MISC",
"url" : "https://crbug.com/799918"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6070.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6070",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6070",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/668645"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/668645",
"refsource" : "MISC",
"url" : "https://crbug.com/668645"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6071.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6071",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap buffer overflow"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/777318"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/777318",
"refsource" : "MISC",
"url" : "https://crbug.com/777318"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6072.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6072",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6072",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/791048"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/791048",
"refsource" : "MISC",
"url" : "https://crbug.com/791048"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6073.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6073",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6073",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap buffer overflow"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/804118"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/804118",
"refsource" : "MISC",
"url" : "https://crbug.com/804118"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6074.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6074",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6074",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/809759"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/809759",
"refsource" : "MISC",
"url" : "https://crbug.com/809759"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6075.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6075",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6075",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/608669"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/608669",
"refsource" : "MISC",
"url" : "https://crbug.com/608669"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6076.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6076",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6076",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/758523"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/758523",
"refsource" : "MISC",
"url" : "https://crbug.com/758523"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6077.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6077",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6077",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Side-channel information leakage"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Side-channel information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/778506"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/778506",
"refsource" : "MISC",
"url" : "https://crbug.com/778506"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6078.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6078",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6078",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/793628"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/793628",
"refsource" : "MISC",
"url" : "https://crbug.com/793628"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6079.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6079",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/788448"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/788448",
"refsource" : "MISC",
"url" : "https://crbug.com/788448"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6080.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6080",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6080",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes ."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/792028"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes ."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/792028",
"refsource" : "MISC",
"url" : "https://crbug.com/792028"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6081.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6081",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/797525"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/797525",
"refsource" : "MISC",
"url" : "https://crbug.com/797525"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6082.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6082",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/767354"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/767354",
"refsource" : "MISC",
"url" : "https://crbug.com/767354"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

127
2018/6xxx/CVE-2018-6083.json
View File

@ -1,63 +1,68 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6083",
"ASSIGNER": "chrome-cve-admin@google.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_value": "65.0.3325.146",
"version_affected": "<"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6083",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://crbug.com/771709"
},
{
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page."
}
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/771709",
"refsource" : "MISC",
"url" : "https://crbug.com/771709"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
}
]
}
}

3
2018/7xxx/CVE-2018-7357.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.\n"
"value" : "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access."
}
]
},
@ -69,6 +69,7 @@
"references" : {
"reference_data" : [
{
"name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523",
"refsource" : "CONFIRM",
"url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
}

3
2018/7xxx/CVE-2018-7358.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.\n"
"value" : "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations."
}
]
},
@ -69,6 +69,7 @@
"references" : {
"reference_data" : [
{
"name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523",
"refsource" : "CONFIRM",
"url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
}