CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-5819 – chromium-browser: Incorrect escaping in developer tools
https://notcve.org/view.php?id=CVE-2019-5819
07 May 2019 — Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard. La validación de datos insuficiente en las herramientas de desarrollador en Google Chrome en OS X antes de 74.0.3729.108 permitió que un atacante local ejecutara código arbitrario a través de una cadena hecha a mano copiada al portapapeles. Chromium is an open-source web browser, powered by WebKit. This update upgrades Ch... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 3%CPEs: 8EXPL: 0CVE-2019-5820 – chromium-browser: Integer overflow in PDFium
https://notcve.org/view.php?id=CVE-2019-5820
07 May 2019 — Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. El desbordamiento de enteros en PDFium en Google Chrome antes de 74.0.3729.108 permitió a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo PDF creado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.108. Issues addressed include buffer overflow, bypass... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5818 – chromium-browser: Uninitialized value in media reader
https://notcve.org/view.php?id=CVE-2019-5818
07 May 2019 — Uninitialized data in media in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Los datos no inicializados en medios en Google Chrome antes del 74.0.3729.108 permitieron a un atacante remoto obtener información potencialmente sensible de la memoria de proceso a través de un archivo de video creado Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5814 – chromium-browser: CORS bypass in Blink
https://notcve.org/view.php?id=CVE-2019-5814
07 May 2019 — Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La aplicación insuficiente de políticas en Blink en Google Chrome antes de 74.0.3729.108 permitió a un atacante remoto filtrar datos de cross-origin a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.108. Issues addressed include buffer overflow, bypass, an... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 1CVE-2019-5822 – chromium-browser: CORS bypass in download manager
https://notcve.org/view.php?id=CVE-2019-5822
07 May 2019 — Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. La implementación inadecuada en Blink en Google Chrome antes de 74.0.3729.108 permitió a un atacante remoto omitir la misma política de origen a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.108. Issues addressed include buffer overflow, bypass, and info... • https://github.com/Silence-Rain/14-828_Exploitation_of_CVE-2019-5822 •
CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5823 – chromium-browser: Forced navigation from service worker
https://notcve.org/view.php?id=CVE-2019-5823
07 May 2019 — Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. La aplicación de políticas insuficientes en los trabajadores del servicio en Google Chrome antes del 74.0.3729.108 permitió a un atacante remoto eludir las restricciones de navegación a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.108.... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2019-5805 – chromium-browser: Use after free in PDFium
https://notcve.org/view.php?id=CVE-2019-5805
07 May 2019 — Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Use-after-free en PDFium en Google Chrome antes del 74.0.3729.108 permitió a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo PDF creado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.108. Issues addressed include buffer overflow, bypass, and informati... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 15EXPL: 0CVE-2019-5798 – chromium-browser: Out of bounds read in Skia
https://notcve.org/view.php?id=CVE-2019-5798
28 Mar 2019 — Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. La falta de comprobación de límites correcta en Skia en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara una lectura de memoria fuera de límites por medio de una página HTML creada. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This up... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-5787 – chromium-browser: Use after free in Canvas
https://notcve.org/view.php?id=CVE-2019-5787
28 Mar 2019 — Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El uso de memoria después del proceso Garbage-Collection en Blink en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto explotar potencialmente la corrupción de pila por medio de una página HTML creada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 73.0.3683.75. I... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-5802 – chromium-browser: Security UI spoofing
https://notcve.org/view.php?id=CVE-2019-5802
28 Mar 2019 — Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. El manejo inadecuado de los orígenes de descarga en Navigation en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara una suplantación de dominios por medio de una página HTML creada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 73.0.3683.75. Issues... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html •