CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21137 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21137
25 Jan 2021 — Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. Una implementación inapropiada en DevTools en Google Chrome versiones anteriores a 88.0.4324.96, permitió a un atacante remoto obtener potencialmente información confidencial del disco por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result ... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21117 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21117
25 Jan 2021 — Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file. Una aplicación de políticas insuficientes en Cryptohome en Google Chrome versiones anteriores a 88.0.4324.96, permitió a un atacante local llevar a cabo una escalada de privilegios a nivel del Sistema Operativo por medio de un archivo diseñado Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could ... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21123 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21123
25 Jan 2021 — Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Una comprobación insuficiente de datos en File System API en Google Chrome versiones anteriores a 88.0.4324.96, permitió a un atacante remoto omitir las restricciones del sistema de archivos por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the ... • https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21130 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21130
25 Jan 2021 — Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Una aplicación de políticas insuficientes en File System API en Google Chrome versiones anteriores a 88.0.4324.96, permitió a un atacante remoto omitir las restricciones del sistema de archivos por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result i... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21131 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21131
25 Jan 2021 — Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Una aplicación de políticas insuficientes en File System API en Google Chrome versiones anteriores a 88.0.4324.96, permitió a un atacante remoto omitir las restricciones del sistema de archivos por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result i... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21126 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21126
25 Jan 2021 — Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. Una aplicación de políticas insuficientes en extensions de Google Chrome versiones anteriores a 88.0.4324.96, permitió a un atacante remoto omitir el aislamiento del sitio por medio de una Extension de Chrome diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execu... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21125 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21125
25 Jan 2021 — Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Una aplicación de políticas insuficientes en File System API en Google Chrome en Windows versiones anteriores a 88.0.4324.96, permitió a un atacante remoto omitir las restricciones del sistema de archivos por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst o... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-16046
https://notcve.org/view.php?id=CVE-2020-16046
14 Jan 2021 — Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Una inyección de script en iOSWeb en Google Chrome en iOS versiones anteriores a 84.0.4147.105, permitía a un atacante remoto ejecutar código arbitrario por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6572 – Google Chrome Media Prior to 81.0.4044.92 Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2020-6572
14 Jan 2021 — Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Un uso de la memoria previamente liberada en Media en Google Chrome versiones anteriores a 81.0.4044.92, permitía a un atacante remoto ejecutar código arbitrario por medio de una página HTML diseñada Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page. • https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2020-16045
https://notcve.org/view.php?id=CVE-2020-16045
14 Jan 2021 — Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un Uso de la Memoria Previamente Liberada en Payments en Google Chrome en Android versiones anteriores de 87.0.4280.66 permitía a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html • CWE-416: Use After Free •