CVSS: 7.5EPSS: 40%CPEs: 5EXPL: 2CVE-2019-5796 – Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter
https://notcve.org/view.php?id=CVE-2019-5796
19 Mar 2019 — Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La carrera de datos en Extensions Guest View en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML creada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 73.0.3683.75. Issues addressed include... • https://packetstorm.news/files/id/152143 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 2CVE-2019-5797 – Google Chrome < M73 - Double-Destruction Race in StoragePartitionService
https://notcve.org/view.php?id=CVE-2019-5797
19 Mar 2019 — Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una doble liberación en DOMStorage en Google Chrome versiones anteriores a 73.0.3683.75, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada There's a race condition in the destruction of the BindingState for bindings to the StoragePartitionService in Chrome. It looks like the root cause of ... • https://packetstorm.news/files/id/152141 • CWE-415: Double Free •
CVSS: 8.8EPSS: 96%CPEs: 1EXPL: 4CVE-2019-5786 – Google Chrome Blink Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2019-5786
11 Mar 2019 — Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. El problema de la vida útil del objeto en Blink en Google Chrome antes del 72.0.3626.121 permitió que un atacante remoto pudiera realizar un acceso a la memoria fuera de límites a través de una página HTML diseñada. Clement Lecigne discovered a use-after-free issue in chromium's file reader implementation. A maliciously crafted file coul... • https://packetstorm.news/files/id/152772 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-5784 – chromium-browser: Inappropriate implementation in V8
https://notcve.org/view.php?id=CVE-2019-5784
19 Feb 2019 — Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El manejo incorrecto del código diferido en V8 en Google Chrome antes de 72.0.3626.96 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.96. Issues addressed include an in... • https://github.com/agenericapple/CVE-2019-5784-PoC • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5783 – Debian Security Advisory 4395-1
https://notcve.org/view.php?id=CVE-2019-5783
19 Feb 2019 — Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page. La falta de codificación de URI de entrdas no fiables en DevTools en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto realizase un ataque de inyección de marcado colgante mediante una página HTML manipulada. Several vulnerabilities have been discovered in the chromium web browser. • https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5785 – mozilla: Integer overflow in Skia
https://notcve.org/view.php?id=CVE-2019-5785
15 Feb 2019 — Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. El manejo incorrecto del código diferido en V8 en Google Chrome antes de 72.0.3626.96 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de una página HTML diseñada Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to... • https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 11%CPEs: 6EXPL: 0CVE-2019-5771 – chromium-browser: Heap buffer overflow in SwiftShader
https://notcve.org/view.php?id=CVE-2019-5771
11 Feb 2019 — An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Un JIT incorrecto de shaders GLSl en SwiftShader en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto ejecutar código arbitrario mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issues addressed include a buf... • http://www.securityfocus.com/bid/106767 •
CVSS: 8.8EPSS: 3%CPEs: 7EXPL: 0CVE-2019-5769 – chromium-browser: Insufficient validation of untrusted input in Blink
https://notcve.org/view.php?id=CVE-2019-5769
11 Feb 2019 — Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La gestión incorrecta de la posición de caracteres finales inválida cuando la renderización frontal en Blink en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto explotar una corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium ... • https://access.redhat.com/errata/RHSA-2019:0309 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-5763 – chromium-browser: Insufficient validation of untrusted input in V8
https://notcve.org/view.php?id=CVE-2019-5763
11 Feb 2019 — Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La no comprobación de condiciones de error en Google Chrome, en sus versiones V8 anteriores a la 72.0.3626.81, permitía que un atacante remoto explotase la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626... • http://www.securityfocus.com/bid/106767 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5765 – chromium-browser: Insufficient policy enforcement in the browser
https://notcve.org/view.php?id=CVE-2019-5765
11 Feb 2019 — An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. Un endpoint de depuración expuesta en el navegador de Google Chrome en Android, en versiones anteriores a la 72.0.3626.81, permitía a un atacante local obtener información sensible desde la memoria del proceso mediante un intent manipulado. Chromium is an open-source web browser, powered by WebKit. This u... • http://www.securityfocus.com/bid/106767 • CWE-312: Cleartext Storage of Sensitive Information •