Page 13 of 5157 results (0.021 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) La implementación inadecuada en Extensions API en Google Chrome anterior a 121.0.6167.85 permitió a un atacante que convenció a un usuario de instalar una extensión maliciosa para filtrar datos de orígenes cruzados a través de una extensión de Chrome manipulada. (Severidad de seguridad de Chrome: baja) Chrome has an issue where the chrome.pageCapture.saveAsMHTML() extension API can be used on blocked origins due to a racy access check. • http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://crbug.com/1494490 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) La aplicación insuficiente de políticas en iOS Security UI en Google Chrome anterior a 121.0.6167.85 permitió que un atacante remoto filtrara datos de orígenes cruzados a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://crbug.com/1515137 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) La implementación inadecuada en Downloads en Google Chrome anterior a 121.0.6167.85 permitió a un atacante remoto realizar una suplantación de dominio a través de un nombre de dominio manipulado. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://crbug.com/1514925 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) Use after free en Passwords en Google Chrome anterior a 121.0.6167.85 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una interacción de interfaz de usuario específica. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://crbug.com/1505176 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) Use after free en Reading Mode en Google Chrome anterior a 121.0.6167.85 permitió a un atacante convencer a un usuario de instalar una extensión maliciosa para explotar potencialmente la corrupción del montón a través de una interacción específica de la interfaz de usuario. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://crbug.com/1477151 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC • CWE-416: Use After Free •