Chrome prior to 103.0.5060.54, Firefox prior to 52.0, and Opera prior to 55.0 did not prevent access to domains with invalid IDN homographs, resulting in domain spoofing. Google Chrome prior to 103.0.5060.54, Firefox prior to 52.0, and Opera prior to 55.0 did not prevent access to domains with invalid IDN homographs, resulting in domain spoofing. CVE-2018-5188: Incomplete data validation on WebSocket messages with invalid echo identification characters could lead to denial of service or potential code execution in Chrome. CVE-2018-5189: A cross-origin information leak existed in Blink/WebRTC because the data being sent over WebSockets was not sufficiently validated before being sent. CVE-2018-5190: An information disclosure caused by improper enforcement of Content Security Policy (CSP) could lead to information leak on sites that have not properly enforced their CSP security policies. CVE-2018-5191: An out-of-bounds write existed in Skia due to improper validation of user-defined functions. An attacker could potentially exploit this to cause a denial of service (Skia application crash). CVE-2018-5192: An information leak existed in WebAssembly because the WebAssembly.js compiler did not suppress the globally unique ID data. Increased risk of information disclosure due to WebAssembly. CVE-2018-5193: A cross-origin information

Miscellaneous

Chrome 56.0.2924.87 and Opera 53.0.3145.65 were not significantly changed from the previous version of Chrome and Opera, respectively, for the purpose of this vulnerability (CVE-2018-5194).
Opera 53.0.3145.65 was not significantly changed from the previous version of Opera for the purpose of this vulnerability (CVE-2018-5191).

Timeline

Published on: 07/28/2022 01:15:00 UTC
Last modified on: 08/19/2022 12:03:00 UTC

References