CVSS: 8.8EPSS: 3%CPEs: 7EXPL: 0CVE-2019-5769 – chromium-browser: Insufficient validation of untrusted input in Blink
https://notcve.org/view.php?id=CVE-2019-5769
11 Feb 2019 — Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La gestión incorrecta de la posición de caracteres finales inválida cuando la renderización frontal en Blink en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto explotar una corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium ... • https://access.redhat.com/errata/RHSA-2019:0309 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-5763 – chromium-browser: Insufficient validation of untrusted input in V8
https://notcve.org/view.php?id=CVE-2019-5763
11 Feb 2019 — Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La no comprobación de condiciones de error en Google Chrome, en sus versiones V8 anteriores a la 72.0.3626.81, permitía que un atacante remoto explotase la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626... • http://www.securityfocus.com/bid/106767 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5765 – chromium-browser: Insufficient policy enforcement in the browser
https://notcve.org/view.php?id=CVE-2019-5765
11 Feb 2019 — An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. Un endpoint de depuración expuesta en el navegador de Google Chrome en Android, en versiones anteriores a la 72.0.3626.81, permitía a un atacante local obtener información sensible desde la memoria del proceso mediante un intent manipulado. Chromium is an open-source web browser, powered by WebKit. This u... • http://www.securityfocus.com/bid/106767 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 0CVE-2019-5761 – chromium-browser: Use after free in SwiftShader
https://notcve.org/view.php?id=CVE-2019-5761
11 Feb 2019 — Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La gestión de un ciclo de vida de un objecto incorrecta en SwiftShader en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto explotase la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgr... • http://www.securityfocus.com/bid/106767 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5777 – chromium-browser: Insufficient policy enforcement in Omnibox
https://notcve.org/view.php?id=CVE-2019-5777
11 Feb 2019 — Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. La gestión incorrecta de un carácter fácil de confundir en Omnibox en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto suplante el contenido del Omnibox (barra de URL) mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/106767 •
CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5754 – chromium-browser: Inappropriate implementation in QUIC Networking
https://notcve.org/view.php?id=CVE-2019-5754
11 Feb 2019 — Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy. Un error de implementación en QUIC Networking en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante, que ejecutaba o era capaz de usar un servidor proxy, obtener el texto claro de un cifrado de transporte mediante un proxy de red malicioso. Chromium is an open-so... • http://www.securityfocus.com/bid/106767 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-5757 – chromium-browser: Type Confusion in SVG
https://notcve.org/view.php?id=CVE-2019-5757
11 Feb 2019 — An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Una asunción de tipo de objeto incorrecta en SVG en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto explotar la corrupción de objectos mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issues addre... • http://www.securityfocus.com/bid/106767 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5775 – chromium-browser: Insufficient policy enforcement in Omnibox
https://notcve.org/view.php?id=CVE-2019-5775
11 Feb 2019 — Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. La gestión incorrecta de un carácter fácil de confundir en Omnibox en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto suplante el contenido del Omnibox (barra de URL) mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/106767 •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5779 – chromium-browser: Insufficient policy enforcement in ServiceWorker
https://notcve.org/view.php?id=CVE-2019-5779
11 Feb 2019 — Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. La validación de políticas insuficiente en ServiceWorker en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto omitir las restricciones de navegación en una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issues a... • http://www.securityfocus.com/bid/106767 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 0CVE-2019-5766 – chromium-browser: Insufficient policy enforcement in Canvas
https://notcve.org/view.php?id=CVE-2019-5766
11 Feb 2019 — Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La gestión incorrecta de la comprobación de origen "taint" en Canvas en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto filtrar datos Cross-Origin mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issu... • https://access.redhat.com/errata/RHSA-2019:0309 •