CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18359 – chromium-browser: Out of bounds read in V8
https://notcve.org/view.php?id=CVE-2018-18359
11 Dec 2018 — Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. La gestión incorrecta de Reflect.construct en V8 en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 71... • http://www.securityfocus.com/bid/106084 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18345 – chromium-browser: Inappropriate implementation in Site Isolation
https://notcve.org/view.php?id=CVE-2018-18345
11 Dec 2018 — Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page. El manejo incorrecto de URL blob en Site Isolation en Google Chrome, en versiones anteriores a la 71.0.3578.80 permitía a un atacante remoto que había comprometido el proceso "renderer" omitir protecciones de aislamiento de sitios mediante una página HTML manipulada. Chromium is an open-source... • http://www.securityfocus.com/bid/106084 •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-18335 – chromium-browser: Heap buffer overflow in Skia
https://notcve.org/view.php?id=CVE-2018-18335
11 Dec 2018 — Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de búfer basado en memoria dinámica (heap) en Skia en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 71.0... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 89%CPEs: 5EXPL: 1CVE-2018-17480 – Google Chromium V8 Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2018-17480
11 Dec 2018 — Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Ejecución de código JavaScript proporcionado por el usuario durante una deserialización de arrays, la cual provoca una escritura fuera de límites en la versión "V8" de Google Chrome en versiones anteriores a la 71.0.3578.80, permitía a un atacante remoto ejecutar código a... • http://www.securityfocus.com/bid/106084 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17479 – chromium-browser: Use-after-free in GPU
https://notcve.org/view.php?id=CVE-2018-17479
26 Nov 2018 — Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Los cálculos incorrectos de la vida útil del objeto en el código de GPU en Google Chrome antes del 70.0.3538.110 permitieron a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to versio... • https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-chrome-os.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16072 – Gentoo Linux Security Advisory 201811-10
https://notcve.org/view.php?id=CVE-2018-16072
23 Nov 2018 — A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page. La falta de una comprobación de origen relacionada con los manifiestos HLS en Blink en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto omitiese la política del mismo origen mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of... • http://www.securityfocus.com/bid/105215 • CWE-346: Origin Validation Error •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17478 – chromium-browser: Out of bounds memory access in V8
https://notcve.org/view.php?id=CVE-2018-17478
20 Nov 2018 — Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Los cálculos incorrectos de la posición de la matriz en V8 en Google Chrome antes de 70.0.3538.102 permitieron a un atacante remoto explotar la corrupción de objetos a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 70.0.3538.110. Issues addressed ... • https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-desktop.html • CWE-129: Improper Validation of Array Index •
CVSS: 9.6EPSS: 0%CPEs: 6EXPL: 0CVE-2018-17472 – Gentoo Linux Security Advisory 201811-10
https://notcve.org/view.php?id=CVE-2018-17472
14 Nov 2018 — Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the