Page 153 of 3369 results (0.013 seconds)

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en storage foundation en Google Chrome versiones anteriores a 96.0.4664.45, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Chrome suffers from a heap use-after-free vulnerability in blink::NativeIOFile::DoRead. • https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html https://crbug.com/1240593 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744 https://www.debian.org/security/2022/dsa-5046 • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una aplicación insuficiente de políticas en Autofill en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html https://crbug.com/1227170 https://www.debian.org/security/2022/dsa-5046 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 1

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada de V8 en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://github.com/SpiralBL0CK/Chrome-V8-RCE-CVE-2021-38003 https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html https://crbug.com/1263462 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744 https://www.debian.org/security/2022/dsa-5046 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0

Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Un uso de memoria previamente liberada en Web Transport en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto llevar a cabo un escape de sandbox por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html https://crbug.com/1260940 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744 https://www.debian.org/security/2022/dsa-5046 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 3

Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada • https://github.com/Peterpan0927/TFC-Chrome-v8-bug-CVE-2021-38001-poc https://github.com/maldiohead/TFC-Chrome-v8-bug-CVE-2021-38001-poc https://github.com/TheHermione/CVE-2021-38001 https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html https://crbug.com/1260577 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744 https://www.debian.org/security/2022/dsa-5046 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •