CVSS: 8.8EPSS: 18%CPEs: 7EXPL: 0CVE-2019-5762 – chromium-browser: Use after free in PDFium
https://notcve.org/view.php?id=CVE-2019-5762
11 Feb 2019 — Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Una gestión de memoria incorrecta durante el cacheo en PDFium en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto ejecutar código arbitrario dentro de un sandbox mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium... • http://www.securityfocus.com/bid/106767 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.6EPSS: 2%CPEs: 9EXPL: 0CVE-2019-5759 – chromium-browser: Use after free in HTML select elements
https://notcve.org/view.php?id=CVE-2019-5759
11 Feb 2019 — Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. La gestión de un ciclo de vida incorrecta en HTML en determinados elementos en Google Chrome, Android o Mac, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto realizar un escape de sandbox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. Thi... • http://www.securityfocus.com/bid/106767 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 5%CPEs: 7EXPL: 2CVE-2019-5782 – chromium-browser: Inappropriate implementation in V8
https://notcve.org/view.php?id=CVE-2019-5782
11 Feb 2019 — Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Asunciones de optimización incorrectas en Google Chrome, en sus versiones V8 anteriores a la 72.0.3626.81, permitía a un atacante remoto ejecutar código arbitrario dentro de un sandbox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Is... • https://github.com/ZwCreatePhoton/CVE-2019-5782_CVE-2019-13768 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5765 – chromium-browser: Insufficient policy enforcement in the browser
https://notcve.org/view.php?id=CVE-2019-5765
11 Feb 2019 — An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. Un endpoint de depuración expuesta en el navegador de Google Chrome en Android, en versiones anteriores a la 72.0.3626.81, permitía a un atacante local obtener información sensible desde la memoria del proceso mediante un intent manipulado. Chromium is an open-source web browser, powered by WebKit. This u... • http://www.securityfocus.com/bid/106767 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-5763 – chromium-browser: Insufficient validation of untrusted input in V8
https://notcve.org/view.php?id=CVE-2019-5763
11 Feb 2019 — Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La no comprobación de condiciones de error en Google Chrome, en sus versiones V8 anteriores a la 72.0.3626.81, permitía que un atacante remoto explotase la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626... • http://www.securityfocus.com/bid/106767 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-5757 – chromium-browser: Type Confusion in SVG
https://notcve.org/view.php?id=CVE-2019-5757
11 Feb 2019 — An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Una asunción de tipo de objeto incorrecta en SVG en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto explotar la corrupción de objectos mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issues addre... • http://www.securityfocus.com/bid/106767 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-5764 – chromium-browser: Use after free in WebRTC
https://notcve.org/view.php?id=CVE-2019-5764
11 Feb 2019 — Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La gestión de punteros incorrecta en WebRTC en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto explotase la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Is... • http://www.securityfocus.com/bid/106767 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5778 – chromium-browser: Insufficient policy enforcement in Extensions
https://notcve.org/view.php?id=CVE-2019-5778
11 Feb 2019 — A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. La falta de un caso para la gestión de esquemas especiales en las comprobaciones de peticiones de permisos en Extensions en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante, que convenció a... • http://www.securityfocus.com/bid/106767 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-5770 – chromium-browser: Heap buffer overflow in WebGL
https://notcve.org/view.php?id=CVE-2019-5770
11 Feb 2019 — Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. La validación de entradas insuficiente en WebGL en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto realizar una lectura fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issues addresse... • http://www.securityfocus.com/bid/106767 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5776 – chromium-browser: Insufficient policy enforcement in Omnibox
https://notcve.org/view.php?id=CVE-2019-5776
11 Feb 2019 — Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. La gestión incorrecta de un carácter fácil de confundir en Omnibox en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto suplante el contenido del Omnibox (barra de URL) mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/106767 •