CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21131 – Debian Security Advisory 4846-1
https://notcve.org/view.php?id=CVE-2021-21131
25 Jan 2021 — Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Una aplicación de políticas insuficientes en File System API en Google Chrome versiones anteriores a 88.0.4324.96, permitió a un atacante remoto omitir las restricciones del sistema de archivos por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result i... • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 82%CPEs: 11EXPL: 2CVE-2020-16009 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2020-16009
03 Nov 2020 — Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada en V8 en Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.183. Issues addressed include b... • https://packetstorm.news/files/id/159974 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •