CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 1CVE-2019-16508
https://notcve.org/view.php?id=CVE-2019-16508
01 Oct 2019 — The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate. El controlador Imagination Technologies para Chrome OS versiones anteriores a R74-11895.B, versiones R75 anteriores a R75-12105.B y ... • https://bugs.chromium.org/p/chromium/issues/detail?id=960106 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5179
https://notcve.org/view.php?id=CVE-2016-5179
06 Mar 2018 — Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot. Chrome OS, en versiones anteriores a la 53.0.2785.144, permite que atacantes remotos ejecuten comandos arbitrarios al iniciar el sistema. • http://www.securityfocus.com/bid/93260 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15400 – Gentoo Linux Security Advisory 201908-08
https://notcve.org/view.php?id=CVE-2017-15400
07 Feb 2018 — Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue. La restricción insuficiente de filtros IPP en CUPS en Google Chrome OS, en versiones anteriores a la 62.0.3202.74, permite que un atacante remoto ejecute un comando con los mismos privilegios que el demonio cups mediante un archivo PPD manipulado. Esto también se conoce... • https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15397
https://notcve.org/view.php?id=CVE-2017-15397
07 Feb 2018 — Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position. La implementación inadecuada en ChromeVox en Google Chrome OS, en versiones anteriores a la 62.0.3202.74, permitía que un atacante remoto en una posición de red privilegiada observe o manipule ciertas peticiones HTTP en texto claro aprovechándose de esa posición. • http://www.securityfocus.com/bid/102435 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5084 – Gentoo Linux Security Advisory 201706-20
https://notcve.org/view.php?id=CVE-2017-5084
20 Jun 2017 — Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint. Una implementación incorrecta en image-burner en Google Chrome OS, en versiones anteriores a la 59.0.3071.92, permitía que un atacante local leyese archivos locales mediante comandos dbus-send a un endpoint BurnImage D-Bus. Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote... • http://www.securityfocus.com/bid/98986 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5169
https://notcve.org/view.php?id=CVE-2016-5169
25 Sep 2016 — Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de formato de cadena en el SO de Google Chrome en versiones anteriores a 53.0.2785.103 permite a atacantes remotos provocar una denegación de servicio o tener otro posible impacto no especificado a través de vectores desconocidos. • http://www.securityfocus.com/bid/92914 •
CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2014-3188 – v8: IPC and v8 issue fixed in Google Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3188
08 Oct 2014 — Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h. Google Chrome anterior a 38.0.2125.101 y Chrome OS anterior a 38.0.2125.101 no manejan debidamente la interacción de IPC y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update-for-chrome-os.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1708
https://notcve.org/view.php?id=CVE-2014-1708
16 Mar 2014 — The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors. La implementación boot en Google Chrome OS anterior a 33.0.1750.152 no considera debidamente persistencia de archivo, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1710
https://notcve.org/view.php?id=CVE-2014-1710
16 Mar 2014 — The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory segment, which allows remote attackers to cause a denial of service (GPU command-buffer memory corruption) or possibly have unspecified other impact via unknown vectors. La función AsyncPixelTransfersCompletedQuery::End en gpu/command_buffer/service/query_manager... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1706
https://notcve.org/view.php?id=CVE-2014-1706
16 Mar 2014 — crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified vectors. caída en Google Chrome OS anterior a 33.0.1750.152 permite a atacantes inyectar comandos a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html •