CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21143 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21143
09 Feb 2021 — Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Un desbordamiento del búfer de la pila en Extensions en Google Chrome versiones anteriores a 88.0.4324.146, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa explotar potencialmente una corrupción de la pila por medio de una Extensión de Chrome diseñada Mu... • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21142 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21142
09 Feb 2021 — Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en Payments en Google Chrome en Mac versiones anteriores a 88.0.4324.146, permitía que un atacante remoto pudiera llevar a cabo un escape del sandbox por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitr... • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 8.1EPSS: 2%CPEs: 2EXPL: 0CVE-2021-21125 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21125
25 Jan 2021 — Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Una aplicación de políticas insuficientes en File System API en Google Chrome en Windows versiones anteriores a 88.0.4324.96, permitió a un atacante remoto omitir las restricciones del sistema de archivos por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst o... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 1CVE-2021-21137 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21137
25 Jan 2021 — Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. Una implementación inapropiada en DevTools en Google Chrome versiones anteriores a 88.0.4324.96, permitió a un atacante remoto obtener potencialmente información confidencial del disco por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result ... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 1CVE-2021-21123 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21123
25 Jan 2021 — Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Una comprobación insuficiente de datos en File System API en Google Chrome versiones anteriores a 88.0.4324.96, permitió a un atacante remoto omitir las restricciones del sistema de archivos por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the ... • https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 4%CPEs: 2EXPL: 0CVE-2021-21120 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21120
25 Jan 2021 — Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en WebSQL en Google Chrome versiones anteriores a 88.0.4324.96, permitía a un atacante remoto explotar potencialmente una corrupción de la memoria por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution ... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2021-21130 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21130
25 Jan 2021 — Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Una aplicación de políticas insuficientes en File System API en Google Chrome versiones anteriores a 88.0.4324.96, permitió a un atacante remoto omitir las restricciones del sistema de archivos por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result i... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html •
CVSS: 6.5EPSS: 2%CPEs: 2EXPL: 0CVE-2021-21133 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21133
25 Jan 2021 — Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page. Una aplicación de políticas insuficientes en Downloads en Google Chrome versiones anteriores a 88.0.4324.96, permitió a un atacante que convenció a un usuario de descargar archivos para omitir las restricciones de navegación por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chr... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2021-21126 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21126
25 Jan 2021 — Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. Una aplicación de políticas insuficientes en extensions de Google Chrome versiones anteriores a 88.0.4324.96, permitió a un atacante remoto omitir el aislamiento del sitio por medio de una Extension de Chrome diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execu... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21138 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21138
25 Jan 2021 — Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file. Un uso de la memoria previamente liberada en DevTools en Google Chrome versiones anteriores a 88.0.4324.96, permitía a un atacante local llevar a cabo potencialmente un escape del sandbox por medio de un archivo diseñado Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. ... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html • CWE-416: Use After Free •