CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13664 – chromium-browser: CSRF bypass
https://notcve.org/view.php?id=CVE-2019-13664
29 Oct 2019 — Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. Una aplicación de política insuficiente en Blink en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto omitir la política de seguridad de contenido por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addresse... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-346: Origin Validation Error •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13668 – chromium-browser: Global window leak via console
https://notcve.org/view.php?id=CVE-2019-13668
29 Oct 2019 — Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una aplicación de política insuficiente en developer tools en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-281: Improper Preservation of Permissions •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13681 – chromium-browser: Bypass on download restrictions
https://notcve.org/view.php?id=CVE-2019-13681
29 Oct 2019 — Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Una comprobación de datos insuficiente en downloads en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto omitir las restricciones de descarga por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed incl... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13665 – chromium-browser: Multiple file download protection bypass
https://notcve.org/view.php?id=CVE-2019-13665
29 Oct 2019 — Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page. Un filtrado insuficiente en Blink en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto omitir la protección de descarga de múltiples archivos por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed in... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13660 – chromium-browser: Full screen notification overlap
https://notcve.org/view.php?id=CVE-2019-13660
29 Oct 2019 — UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. Una suplantación de la Interfaz de Usuario en Chromium en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto falsificar notificaciones por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include bypass, cross site request forg... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5880 – chromium-browser: SameSite cookie bypass
https://notcve.org/view.php?id=CVE-2019-5880
29 Oct 2019 — Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una aplicación de política insuficiente en Blink en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include bypass, cro... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13670 – chromium-browser: V8 memory corruption in regex
https://notcve.org/view.php?id=CVE-2019-13670
29 Oct 2019 — Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una comprobación de datos insuficiente en JavaScript en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120.... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13679 – chromium-browser: User gesture needed for printing
https://notcve.org/view.php?id=CVE-2019-13679
29 Oct 2019 — Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file. Una aplicación de política insuficiente en PDFium en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto mostrar cuadros de diálogo de impresión por medio de un archivo PDF diseñado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include bypass,... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5870 – chromium-browser: Use-after-free in media
https://notcve.org/view.php?id=CVE-2019-5870
29 Oct 2019 — Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en media en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto potencialmente realizar un escape de sandbox por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13692 – chromium-browser: SOP bypass
https://notcve.org/view.php?id=CVE-2019-13692
29 Oct 2019 — Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. Una aplicación de política insuficiente en reader mode en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto omitir el aislamiento del sitio por medio de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 77.0.3865.120. Issues addressed include ... • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •