CVSS: 8.8EPSS: 15%CPEs: 7EXPL: 0CVE-2019-5756 – chromium-browser: Use after free in PDFium
https://notcve.org/view.php?id=CVE-2019-5756
11 Feb 2019 — Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Una gestión de memoria incorrecta durante el cacheo en PDFium en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto ejecutar código arbitrario dentro de un sandbox mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium... • http://www.securityfocus.com/bid/106767 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 18%CPEs: 7EXPL: 0CVE-2019-5762 – chromium-browser: Use after free in PDFium
https://notcve.org/view.php?id=CVE-2019-5762
11 Feb 2019 — Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Una gestión de memoria incorrecta durante el cacheo en PDFium en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto ejecutar código arbitrario dentro de un sandbox mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium... • http://www.securityfocus.com/bid/106767 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 15%CPEs: 6EXPL: 0CVE-2019-5771 – chromium-browser: Heap buffer overflow in SwiftShader
https://notcve.org/view.php?id=CVE-2019-5771
11 Feb 2019 — An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Un JIT incorrecto de shaders GLSl en SwiftShader en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto ejecutar código arbitrario mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issues addressed include a buf... • http://www.securityfocus.com/bid/106767 •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2019-5774 – chromium-browser: Insufficient validation of untrusted input in SafeBrowsing
https://notcve.org/view.php?id=CVE-2019-5774
11 Feb 2019 — Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file. La omisión del tipo de archivo ".desktop" de la lista de control en SafeBrowsing en Google Chrome en Linux, en versiones anteriores a la 72.0.3626.81, permitía a un atacante, que convenció a un usuario para que descargara un archivo ".desktop", ejecutar ... • http://www.securityfocus.com/bid/106767 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 5%CPEs: 7EXPL: 2CVE-2019-5782 – chromium-browser: Inappropriate implementation in V8
https://notcve.org/view.php?id=CVE-2019-5782
11 Feb 2019 — Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Asunciones de optimización incorrectas en Google Chrome, en sus versiones V8 anteriores a la 72.0.3626.81, permitía a un atacante remoto ejecutar código arbitrario dentro de un sandbox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Is... • https://github.com/ZwCreatePhoton/CVE-2019-5782_CVE-2019-13768 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15405
https://notcve.org/view.php?id=CVE-2017-15405
09 Jan 2019 — Inappropriate symlink handling and a race condition in the stateful recovery feature implementation could lead to a persistance established by a malicious code running with root privileges in cryptohomed in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page. La gestión de symlink inapropiada y una condición de carrera en la implementación de la funcionalidad de recuperación de estado podría provocar una persistencia establecida por có... • https://chromereleases.googleblog.com/2017/10/stable-channel-updates-for-chrome-os.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20066
https://notcve.org/view.php?id=CVE-2018-20066
09 Jan 2019 — Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Ciclo de vida de objetos incorrecto en Extensions en Google Chrome, en versiones anteriores a la 71.0.3578.80, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-17461
https://notcve.org/view.php?id=CVE-2018-17461
09 Jan 2019 — An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. Una lectura fuera de límites en PDFium en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante un archivo PDF manipulado. • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15404
https://notcve.org/view.php?id=CVE-2017-15404
09 Jan 2019 — An ability to process crash dumps under root privileges and inappropriate symlinks handling could lead to a local privilege escalation in Crash Reporting in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to perform privilege escalation via a crafted HTML page. Una capacidad de procesar volcados de cierre con privilegios de root y la gestión incorrecta de symlinks inapropriados podría provocar una escalación de privilegios en Crash Reporting en Google Chrome en Chrome OS, en versi... • https://chromereleases.googleblog.com/2017/10/stable-channel-updates-for-chrome-os.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15428
https://notcve.org/view.php?id=CVE-2017-15428
09 Jan 2019 — Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una validación de datos insuficiente en V8 builtins string generator podría provocar un acceso de lectura y escritura hasta V8 en Google Chome, en versiones anteriores a la 62.0.3202.94, permitió que un atacante remoto ejecutara código arbitrario en un sandb... • https://github.com/w1ldb1t/CVE-2017-15428 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •