CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-1059
https://notcve.org/view.php?id=CVE-2024-1059
Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) El use after free en Peer Connection en Google Chrome anterior a 121.0.6167.139 permitía a un atacante remoto explotar potencialmente la corrupción de la pila a través de una página HTML manipulada. (Severidad de seguridad de Chromium: alta) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html https://crbug.com/1514777 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0809
https://notcve.org/view.php?id=CVE-2024-0809
Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) La implementación inapropiada de Autocompletar en Google Chrome anterior a 121.0.6167.85 permitió a un atacante remoto evitar las restricciones de Autocompletar a través de una página HTML manipulada. (Severidad de seguridad de Chrome: baja) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://crbug.com/1497985 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0811 – Chrome chrome.pageCapture.saveAsMHTML() Extension API Blocked Origin Bypass
https://notcve.org/view.php?id=CVE-2024-0811
Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) La implementación inadecuada en Extensions API en Google Chrome anterior a 121.0.6167.85 permitió a un atacante que convenció a un usuario de instalar una extensión maliciosa para filtrar datos de orígenes cruzados a través de una extensión de Chrome manipulada. (Severidad de seguridad de Chrome: baja) Chrome has an issue where the chrome.pageCapture.saveAsMHTML() extension API can be used on blocked origins due to a racy access check. • http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://crbug.com/1494490 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0804
https://notcve.org/view.php?id=CVE-2024-0804
Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) La aplicación insuficiente de políticas en iOS Security UI en Google Chrome anterior a 121.0.6167.85 permitió que un atacante remoto filtrara datos de orígenes cruzados a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://crbug.com/1515137 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0805
https://notcve.org/view.php?id=CVE-2024-0805
Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) La implementación inadecuada en Downloads en Google Chrome anterior a 121.0.6167.85 permitió a un atacante remoto realizar una suplantación de dominio a través de un nombre de dominio manipulado. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://crbug.com/1514925 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC •