CVSS: 8.8EPSS: 96%CPEs: 2EXPL: 5CVE-2019-13720 – Google Chrome WebAudio Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2019-13720
07 Nov 2019 — Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en WebAudio en Google Chrome versiones anteriores a 78.0.3904.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 78.0.3904.87. Issues addresse... • https://packetstorm.news/files/id/167066 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13721 – chromium-browser: use-after-free in PDFium
https://notcve.org/view.php?id=CVE-2019-13721
07 Nov 2019 — Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en PDFium en Google Chrome versiones anteriores a 78.0.3904.87, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00022.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13659 – chromium-browser: URL spoof
https://notcve.org/view.php?id=CVE-2019-13659
29 Oct 2019 — IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Una suplantación de identidad en IDN en Omnibox en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto realizar una suplantación de dominio mediante homógrafos IDN por medio de un nombre de dominio diseñado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13660 – chromium-browser: Full screen notification overlap
https://notcve.org/view.php?id=CVE-2019-13660
29 Oct 2019 — UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. Una suplantación de la Interfaz de Usuario en Chromium en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto falsificar notificaciones por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include bypass, cross site request forg... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13661 – chromium-browser: Full screen notification spoof
https://notcve.org/view.php?id=CVE-2019-13661
29 Oct 2019 — UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. Una suplantación de la Interfaz de Usuario en Chromium en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto falsificar notificaciones por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include bypass, cross site request forg... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13662 – chromium-browser: CSP bypass
https://notcve.org/view.php?id=CVE-2019-13662
29 Oct 2019 — Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. Una aplicación de política insuficiente en navigations en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto omitir la política de seguridad de contenido por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Iss... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13663 – chromium-browser: IDN spoof
https://notcve.org/view.php?id=CVE-2019-13663
29 Oct 2019 — IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Una suplantación de identidad en IDN en Omnibox en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto realizar una suplantación de dominio mediante homógrafos IDN por medio de un nombre de dominio diseñado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13664 – chromium-browser: CSRF bypass
https://notcve.org/view.php?id=CVE-2019-13664
29 Oct 2019 — Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. Una aplicación de política insuficiente en Blink en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto omitir la política de seguridad de contenido por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addresse... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-346: Origin Validation Error •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13665 – chromium-browser: Multiple file download protection bypass
https://notcve.org/view.php?id=CVE-2019-13665
29 Oct 2019 — Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page. Un filtrado insuficiente en Blink en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto omitir la protección de descarga de múltiples archivos por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed in... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13666 – chromium-browser: Side channel using storage size estimate
https://notcve.org/view.php?id=CVE-2019-13666
29 Oct 2019 — Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una fuga de información en storage en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include bypass, cross site request forgery, fi... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-203: Observable Discrepancy •