CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13679 – chromium-browser: User gesture needed for printing
https://notcve.org/view.php?id=CVE-2019-13679
29 Oct 2019 — Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file. Una aplicación de política insuficiente en PDFium en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto mostrar cuadros de diálogo de impresión por medio de un archivo PDF diseñado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include bypass,... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13680 – chromium-browser: IP address spoofing to servers
https://notcve.org/view.php?id=CVE-2019-13680
29 Oct 2019 — Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections. Una implementación inapropiada en TLS en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto falsificar la dirección IP del cliente para sitios web por medio de conexiones TLS diseñadas. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addre... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13681 – chromium-browser: Bypass on download restrictions
https://notcve.org/view.php?id=CVE-2019-13681
29 Oct 2019 — Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Una comprobación de datos insuficiente en downloads en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto omitir las restricciones de descarga por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed incl... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13682 – chromium-browser: Site isolation bypass
https://notcve.org/view.php?id=CVE-2019-13682
29 Oct 2019 — Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Una aplicación de política insuficiente en external protocol handling en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto omitir la política del mismo origen por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-281: Improper Preservation of Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13691 – chromium-browser: Omnibox spoof
https://notcve.org/view.php?id=CVE-2019-13691
29 Oct 2019 — Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. La comprobación insuficiente de una entrada no confiable en navigation en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto falsificar el contenido del Omnibox (barra de URL) por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update up... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13692 – chromium-browser: SOP bypass
https://notcve.org/view.php?id=CVE-2019-13692
29 Oct 2019 — Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. Una aplicación de política insuficiente en reader mode en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto omitir el aislamiento del sitio por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include ... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5870 – chromium-browser: Use-after-free in media
https://notcve.org/view.php?id=CVE-2019-5870
29 Oct 2019 — Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en media en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto potencialmente realizar un escape de sandbox por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5871 – chromium-browser: Heap overflow in Skia
https://notcve.org/view.php?id=CVE-2019-5871
29 Oct 2019 — Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de búfer de la pila en Skia en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed inc... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5872 – chromium-browser: Use-after-free in Mojo
https://notcve.org/view.php?id=CVE-2019-5872
29 Oct 2019 — Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en Mojo en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed inclu... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5874 – chromium-browser: External URIs may trigger other browsers
https://notcve.org/view.php?id=CVE-2019-5874
29 Oct 2019 — Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Un filtrado insuficiente en URI schemes en Google Chrome en Windows versiones anteriores a 77.0.3865.75, permitió a un atacante remoto omitir las restricciones de navegación por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addr... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html •