CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-17481 – chromium-browser: Use after frees in PDFium
https://notcve.org/view.php?id=CVE-2018-17481
11 Dec 2018 — Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. El manejo incorrecto del ciclo de vida de objetos en PDFium en Google Chrome, en versiones anteriores a la 71.0.3578.98, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium t... • http://www.securityfocus.com/bid/106084 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18348 – chromium-browser: Inappropriate implementation in Omnibox
https://notcve.org/view.php?id=CVE-2018-18348
11 Dec 2018 — Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. El manejo incorrecto de nombres de dominio bidireccionales con caracteres RTL en Omnibox en Google Chrome, en versiones anteriores a la 71.0.3578.80, permitía que un atacante remoto suplante el contenido del Omnibox (barra de URL) mediante un nombre de dominio manipulado. Chromium is an open-... • http://www.securityfocus.com/bid/106084 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-18351 – chromium-browser: Insufficient policy enforcement in Navigation
https://notcve.org/view.php?id=CVE-2018-18351
11 Dec 2018 — Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page. La falta de validación adecuada de los frames ancestor al enviar cookies lax en Navigation en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto omita la política de la cookie SameSite mediante una página HTML manipulada. Chromium is an open-source web browser, p... • http://www.securityfocus.com/bid/106084 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18359 – chromium-browser: Out of bounds read in V8
https://notcve.org/view.php?id=CVE-2018-18359
11 Dec 2018 — Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. La gestión incorrecta de Reflect.construct en V8 en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 71... • http://www.securityfocus.com/bid/106084 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18345 – chromium-browser: Inappropriate implementation in Site Isolation
https://notcve.org/view.php?id=CVE-2018-18345
11 Dec 2018 — Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page. El manejo incorrecto de URL blob en Site Isolation en Google Chrome, en versiones anteriores a la 71.0.3578.80 permitía a un atacante remoto que había comprometido el proceso "renderer" omitir protecciones de aislamiento de sitios mediante una página HTML manipulada. Chromium is an open-source... • http://www.securityfocus.com/bid/106084 •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-18335 – chromium-browser: Heap buffer overflow in Skia
https://notcve.org/view.php?id=CVE-2018-18335
11 Dec 2018 — Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de búfer basado en memoria dinámica (heap) en Skia en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 71.0... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18339 – chromium-browser: Use after free in WebAudio
https://notcve.org/view.php?id=CVE-2018-18339
11 Dec 2018 — Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El ciclo de vida de un objecto incorrecto en WebAudio en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 71.0.3578... • http://www.securityfocus.com/bid/106084 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-18346 – chromium-browser: Incorrect security UI in Blink
https://notcve.org/view.php?id=CVE-2018-18346
11 Dec 2018 — Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page. El manejo incorrecto de cuadros de alertas emergentes en Blink en Google Chrome en versiones anteriores a la 71.0.3578.80, permitía a un atacante remoto presentar interfaces de usuario de navegador confusas mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to versi... • http://www.securityfocus.com/bid/106084 •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18344 – chromium-browser: Inappropriate implementation in Extensions
https://notcve.org/view.php?id=CVE-2018-18344
11 Dec 2018 — Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension. La asignación incorrecta de la funcionalidad de protocolo "setDownloadBehavior" en Extensions en Google Chrome en versiones anteriores a 71.0.3578.80 permitía a un atacante remoto con el control de una extensión instalada acceder a archivos en ... • http://www.securityfocus.com/bid/106084 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2018-18340 – chromium-browser: Use after free in MediaRecorder
https://notcve.org/view.php?id=CVE-2018-18340
11 Dec 2018 — Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El ciclo de vida de un objecto incorrecto en MediaRecorder en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version... • http://www.securityfocus.com/bid/106084 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •