CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5768 – chromium-browser: Insufficient policy enforcement in DevTools
https://notcve.org/view.php?id=CVE-2019-5768
11 Feb 2019 — DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. El "gating" incorrecto de la API de DevTools en la capacidad de extensiones en DevTools en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante, que convenció al usuario para que instalase una extensión maliciosa, leer archivos locales mediante una ... • http://www.securityfocus.com/bid/106767 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5776 – chromium-browser: Insufficient policy enforcement in Omnibox
https://notcve.org/view.php?id=CVE-2019-5776
11 Feb 2019 — Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. La gestión incorrecta de un carácter fácil de confundir en Omnibox en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto suplante el contenido del Omnibox (barra de URL) mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/106767 •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-5760 – chromium-browser: Use after free in WebRTC
https://notcve.org/view.php?id=CVE-2019-5760
11 Feb 2019 — Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La gestión de un ciclo de vida de la validez de un puntero en WebRTC en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto explotase la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades ... • http://www.securityfocus.com/bid/106767 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-5770 – chromium-browser: Heap buffer overflow in WebGL
https://notcve.org/view.php?id=CVE-2019-5770
11 Feb 2019 — Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. La validación de entradas insuficiente en WebGL en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto realizar una lectura fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issues addresse... • http://www.securityfocus.com/bid/106767 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5767 – chromium-browser: Incorrect security UI in WebAPKs
https://notcve.org/view.php?id=CVE-2019-5767
11 Feb 2019 — Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. La protección de permisos de la interfaz de usuario insuficiente en WebAPKs en Google Chrome en Android, en versiones anteriores a la 72.0.3626.81, permitía a un atacante que convenció al usuario para que instalase una aplicación maliciosa acceder a API web sensibles... • http://www.securityfocus.com/bid/106767 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-5758 – chromium-browser: Use after free in Blink
https://notcve.org/view.php?id=CVE-2019-5758
11 Feb 2019 — Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La gestión de un ciclo de vida de un objecto incorrecta en Blink en Google Chrome, en versiones anteriores a la 72.0.3626.81, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium t... • http://www.securityfocus.com/bid/106767 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-5764 – chromium-browser: Use after free in WebRTC
https://notcve.org/view.php?id=CVE-2019-5764
11 Feb 2019 — Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La gestión de punteros incorrecta en WebRTC en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto explotase la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Is... • http://www.securityfocus.com/bid/106767 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 2%CPEs: 9EXPL: 0CVE-2019-5759 – chromium-browser: Use after free in HTML select elements
https://notcve.org/view.php?id=CVE-2019-5759
11 Feb 2019 — Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. La gestión de un ciclo de vida incorrecta en HTML en determinados elementos en Google Chrome, Android o Mac, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto realizar un escape de sandbox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. Thi... • http://www.securityfocus.com/bid/106767 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5780 – chromium-browser: Insufficient policy enforcement
https://notcve.org/view.php?id=CVE-2019-5780
11 Feb 2019 — Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. Las restricciones insuficientes relativas a las capacidades de los eventos de Apple en Google Chrome en macOS, en versiones anteriores a 72.0.3626.81, permitía a un atacante local ejecutar JavaScript mediante los eventos de Apple. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0... • http://www.securityfocus.com/bid/106767 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2019-5772 – chromium-browser: Use after free in PDFium
https://notcve.org/view.php?id=CVE-2019-5772
11 Feb 2019 — Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. La compartición de objetos mediante llamadas en tiempo de ejecución de JavaScript en PDFium Google Chrome, en versiones anteriores a la 72.0.3626.81, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by ... • http://www.securityfocus.com/bid/106767 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •