CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5783 – Debian Security Advisory 4395-1
https://notcve.org/view.php?id=CVE-2019-5783
19 Feb 2019 — Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page. La falta de codificación de URI de entrdas no fiables en DevTools en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto realizase un ataque de inyección de marcado colgante mediante una página HTML manipulada. Several vulnerabilities have been discovered in the chromium web browser. • https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-5784 – chromium-browser: Inappropriate implementation in V8
https://notcve.org/view.php?id=CVE-2019-5784
19 Feb 2019 — Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El manejo incorrecto del código diferido en V8 en Google Chrome antes de 72.0.3626.96 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.96. Issues addressed include an in... • https://github.com/agenericapple/CVE-2019-5784-PoC • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5785 – mozilla: Integer overflow in Skia
https://notcve.org/view.php?id=CVE-2019-5785
15 Feb 2019 — Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. El manejo incorrecto del código diferido en V8 en Google Chrome antes de 72.0.3626.96 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de una página HTML diseñada Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to... • https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5754 – chromium-browser: Inappropriate implementation in QUIC Networking
https://notcve.org/view.php?id=CVE-2019-5754
11 Feb 2019 — Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy. Un error de implementación en QUIC Networking en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante, que ejecutaba o era capaz de usar un servidor proxy, obtener el texto claro de un cifrado de transporte mediante un proxy de red malicioso. Chromium is an open-so... • http://www.securityfocus.com/bid/106767 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5755 – chromium-browser: Inappropriate implementation in V8
https://notcve.org/view.php?id=CVE-2019-5755
11 Feb 2019 — Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. El manejo incorrecto de un "negative zero" en V8 en Google Chrome en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto realizar lecturas/escrituras arbitrarias mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issues addressed ... • http://www.securityfocus.com/bid/106767 • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 11%CPEs: 7EXPL: 0CVE-2019-5756 – chromium-browser: Use after free in PDFium
https://notcve.org/view.php?id=CVE-2019-5756
11 Feb 2019 — Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Una gestión de memoria incorrecta durante el cacheo en PDFium en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto ejecutar código arbitrario dentro de un sandbox mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium... • http://www.securityfocus.com/bid/106767 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-5757 – chromium-browser: Type Confusion in SVG
https://notcve.org/view.php?id=CVE-2019-5757
11 Feb 2019 — An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Una asunción de tipo de objeto incorrecta en SVG en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto explotar la corrupción de objectos mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issues addre... • http://www.securityfocus.com/bid/106767 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-5758 – chromium-browser: Use after free in Blink
https://notcve.org/view.php?id=CVE-2019-5758
11 Feb 2019 — Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La gestión de un ciclo de vida de un objecto incorrecta en Blink en Google Chrome, en versiones anteriores a la 72.0.3626.81, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium t... • http://www.securityfocus.com/bid/106767 • CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 2%CPEs: 9EXPL: 0CVE-2019-5759 – chromium-browser: Use after free in HTML select elements
https://notcve.org/view.php?id=CVE-2019-5759
11 Feb 2019 — Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. La gestión de un ciclo de vida incorrecta en HTML en determinados elementos en Google Chrome, Android o Mac, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto realizar un escape de sandbox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. Thi... • http://www.securityfocus.com/bid/106767 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-5760 – chromium-browser: Use after free in WebRTC
https://notcve.org/view.php?id=CVE-2019-5760
11 Feb 2019 — Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La gestión de un ciclo de vida de la validez de un puntero en WebRTC en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto explotase la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades ... • http://www.securityfocus.com/bid/106767 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •