CVSS: 9.6EPSS: 4%CPEs: 4EXPL: 0CVE-2021-21106 – Gentoo Linux Security Advisory 202101-05
https://notcve.org/view.php?id=CVE-2021-21106
08 Jan 2021 — Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en autofill en Google Chrome versiones anteriores a 87.0.4280.141, permitió a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada Multiple vulnerabilities have been... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-16043 – Gentoo Linux Security Advisory 202101-05
https://notcve.org/view.php?id=CVE-2020-16043
08 Jan 2021 — Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic. Una comprobación insuficiente de datos en networking en Google Chrome versiones anteriores a 87.0.4280.141, permitió a un atacante remoto omitir el control de acceso discrecional por medio del tráfico de red malicioso Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbi... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-16035 – Debian Security Advisory 4824-1
https://notcve.org/view.php?id=CVE-2020-16035
08 Jan 2021 — Insufficient data validation in cros-disks in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file. Una comprobación insuficiente de datos en cros-disks en Google Chrome en ChromeOS versiones anteriores a 87.0.4280.66, permitió a un atacante remoto que había comprometido el proceso del navegador omitir las restricciones noexec por medio de un archivo malicioso Multiple security issues were discove... • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16044 – Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
https://notcve.org/view.php?id=CVE-2020-16044
08 Jan 2021 — Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. Un uso de la memoria previamente liberada en WebRTC en Google Chrome versiones anteriores a 88.0.4324.96, permitía a un atacante remoto explotar potencialmente una corrupción de la memoria por medio de un paquete SCTP diseñado Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgra... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2020-16025 – Gentoo Linux Security Advisory 202012-05
https://notcve.org/view.php?id=CVE-2020-16025
07 Dec 2020 — Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento del búfer de la pila en clipboard en Google Chrome versiones anteriores a 87.0.4280.66, permitió a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada Multiple vulnerabilities have b... • https://packetstorm.news/files/id/161354 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16034 – Gentoo Linux Security Advisory 202012-05
https://notcve.org/view.php?id=CVE-2020-16034
07 Dec 2020 — Inappropriate implementation in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a local attacker to bypass policy restrictions via a crafted HTML page. Una implementación inapropiada en WebRTC en Google Chrome versiones anteriores a 87.0.4280.66, permitió a un atacante local omitir las restricciones de la política por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions les... • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16042 – chromium-browser: Uninitialized Use in V8
https://notcve.org/view.php?id=CVE-2020-16042
07 Dec 2020 — Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Un uso no inicializado en V8 en Google Chrome versiones anteriores a 87.0.4280.88, permitió a un atacante remoto conseguir información potencialmente confidencial de la memoria del proceso por medio de una página HTML diseñada The Mozilla Foundation Security Advisory describes this flaw as: When a BigInt was right-shifted the backin... • https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html • CWE-908: Use of Uninitialized Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16015 – Gentoo Linux Security Advisory 202012-05
https://notcve.org/view.php?id=CVE-2020-16015
07 Dec 2020 — Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una comprobación insuficiente de datos en WASM en Google Chrome versiones anteriores a 87.0.4280.66, permitió a un atacante remoto explotar potencialmente una corrupción de la memoria por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary exe... • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16026 – Gentoo Linux Security Advisory 202012-05
https://notcve.org/view.php?id=CVE-2020-16026
07 Dec 2020 — Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en WebRTC en Google Chrome versiones anteriores a 87.0.4280.66, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of ... • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16030 – Gentoo Linux Security Advisory 202012-05
https://notcve.org/view.php?id=CVE-2020-16030
07 Dec 2020 — Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Una comprobación insuficiente de datos en Blink en Google Chrome versiones anteriores a 87.0.4280.66, permitió a un atacante remoto inyectar scripts arbitrarios o HTML (UXSS) por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary executi... • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •