CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13678 – chromium-browser: Download dialog spoofing
https://notcve.org/view.php?id=CVE-2019-13678
29 Oct 2019 — Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Una comprobación de datos incorrecta en downloads en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto realizar una suplantación de dominios por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include bypas... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13688 – chromium-browser: Use-after-free in media
https://notcve.org/view.php?id=CVE-2019-13688
29 Oct 2019 — Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en Blink en Google Chrome versiones anteriores a 77.0.3865.90, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed inc... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13693 – chromium-browser: Use-after-free in IndexedDB
https://notcve.org/view.php?id=CVE-2019-13693
29 Oct 2019 — Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Un uso de la memoria previamente liberada en IndexedDB en Google Chrome versiones anteriores a 77.0.3865.120, permitió a un atacante remoto, que había comprometido el proceso del renderizador, ejecutar código arbitrario por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This upd... • https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5870 – chromium-browser: Use-after-free in media
https://notcve.org/view.php?id=CVE-2019-5870
29 Oct 2019 — Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en media en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto potencialmente realizar un escape de sandbox por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13663 – chromium-browser: IDN spoof
https://notcve.org/view.php?id=CVE-2019-13663
29 Oct 2019 — IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Una suplantación de identidad en IDN en Omnibox en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto realizar una suplantación de dominio mediante homógrafos IDN por medio de un nombre de dominio diseñado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13666 – chromium-browser: Side channel using storage size estimate
https://notcve.org/view.php?id=CVE-2019-13666
29 Oct 2019 — Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una fuga de información en storage en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include bypass, cross site request forgery, fi... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-203: Observable Discrepancy •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13681 – chromium-browser: Bypass on download restrictions
https://notcve.org/view.php?id=CVE-2019-13681
29 Oct 2019 — Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Una comprobación de datos insuficiente en downloads en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto omitir las restricciones de descarga por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed incl... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13698 – Google Chromium RegExpReplace Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13698
29 Oct 2019 — Out of bounds memory access in JavaScript in Google Chrome prior to 73.0.3683.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un acceso a la memoria fuera de límites en JavaScript en Google Chrome versiones anteriores a 73.0.3683.103, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chromiu... • https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13661 – chromium-browser: Full screen notification spoof
https://notcve.org/view.php?id=CVE-2019-13661
29 Oct 2019 — UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. Una suplantación de la Interfaz de Usuario en Chromium en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto falsificar notificaciones por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include bypass, cross site request forg... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13675 – chromium-browser: Extensions can be disabled by trailing slash
https://notcve.org/view.php?id=CVE-2019-13675
29 Oct 2019 — Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page. Una comprobación de datos insuficiente en extensions en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto deshabilitar extensiones por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include bypass, cross si... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •