CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5776 – chromium-browser: Insufficient policy enforcement in Omnibox
https://notcve.org/view.php?id=CVE-2019-5776
11 Feb 2019 — Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. La gestión incorrecta de un carácter fácil de confundir en Omnibox en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto suplante el contenido del Omnibox (barra de URL) mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/106767 •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5777 – chromium-browser: Insufficient policy enforcement in Omnibox
https://notcve.org/view.php?id=CVE-2019-5777
11 Feb 2019 — Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. La gestión incorrecta de un carácter fácil de confundir en Omnibox en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto suplante el contenido del Omnibox (barra de URL) mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/106767 •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5778 – chromium-browser: Insufficient policy enforcement in Extensions
https://notcve.org/view.php?id=CVE-2019-5778
11 Feb 2019 — A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. La falta de un caso para la gestión de esquemas especiales en las comprobaciones de peticiones de permisos en Extensions en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante, que convenció a... • http://www.securityfocus.com/bid/106767 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5779 – chromium-browser: Insufficient policy enforcement in ServiceWorker
https://notcve.org/view.php?id=CVE-2019-5779
11 Feb 2019 — Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. La validación de políticas insuficiente en ServiceWorker en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto omitir las restricciones de navegación en una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Issues a... • http://www.securityfocus.com/bid/106767 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5780 – chromium-browser: Insufficient policy enforcement
https://notcve.org/view.php?id=CVE-2019-5780
11 Feb 2019 — Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events. Las restricciones insuficientes relativas a las capacidades de los eventos de Apple en Google Chrome en macOS, en versiones anteriores a 72.0.3626.81, permitía a un atacante local ejecutar JavaScript mediante los eventos de Apple. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0... • http://www.securityfocus.com/bid/106767 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5781 – chromium-browser: Insufficient policy enforcement in Omnibox
https://notcve.org/view.php?id=CVE-2019-5781
11 Feb 2019 — Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. La gestión incorrecta de un carácter fácil de confundir en Omnibox en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto suplante el contenido del Omnibox (barra de URL) mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/106767 •
CVSS: 8.8EPSS: 3%CPEs: 7EXPL: 2CVE-2019-5782 – chromium-browser: Inappropriate implementation in V8
https://notcve.org/view.php?id=CVE-2019-5782
11 Feb 2019 — Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Asunciones de optimización incorrectas en Google Chrome, en sus versiones V8 anteriores a la 72.0.3626.81, permitía a un atacante remoto ejecutar código arbitrario dentro de un sandbox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.81. Is... • https://github.com/ZwCreatePhoton/CVE-2019-5782_CVE-2019-13768 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6113 – chromium-browser: URL spoof in Navigation
https://notcve.org/view.php?id=CVE-2018-6113
09 Jan 2019 — Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page. El manejo incorrecto de las entradas de navegación pendientes en Navigation en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase dominios mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-15403
https://notcve.org/view.php?id=CVE-2017-15403
09 Jan 2019 — Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page. Validación insuficiente de datos en crosh podría conducir a una inyección de comandos con privilegios de chronos en Networking en Google Chrome, en Chrome OS en versiones anteriores a la 61.0.3163.113, lo que permitía que un atacante local ejecute código arbitrario median... • https://chromereleases.googleblog.com/2017/10/stable-channel-updates-for-chrome-os.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-15402
https://notcve.org/view.php?id=CVE-2017-15402
09 Jan 2019 — Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. La utilización de un identificador que puede ser controlado por un renderizador que permite a cualquier trama sobreescribir el parámetro page_state de cualquier ot... • https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html • CWE-20: Improper Input Validation •