CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18343 – chromium-browser: Use after free in Skia
https://notcve.org/view.php?id=CVE-2018-18343
11 Dec 2018 — Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Manejo incorrecto de rutas que provoca un uso de memoria previamente liberada en Skia en Google Chrome en versiones anteriores a la 71.0.3578.80, permitía a un atacante remoto explotar la corrupción de la memoria dinámica (heap) Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to... • http://www.securityfocus.com/bid/106084 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18354 – chromium-browser: Insufficient data validation in Shell Integration
https://notcve.org/view.php?id=CVE-2018-18354
11 Dec 2018 — Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. La validación insuficiente de los protocolos externos en Shell Integration en Google Chrome en Windows en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto lanzase programas externos mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrad... • http://www.securityfocus.com/bid/106084 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18341 – chromium-browser: Heap buffer overflow in Blink
https://notcve.org/view.php?id=CVE-2018-18341
11 Dec 2018 — An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de enteros basado en memoria dinámica (heap) en Blink en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite a un atacante remoto explotar la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This upda... • http://www.securityfocus.com/bid/106084 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18339 – chromium-browser: Use after free in WebAudio
https://notcve.org/view.php?id=CVE-2018-18339
11 Dec 2018 — Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El ciclo de vida de un objecto incorrecto en WebAudio en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 71.0.3578... • http://www.securityfocus.com/bid/106084 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-18346 – chromium-browser: Incorrect security UI in Blink
https://notcve.org/view.php?id=CVE-2018-18346
11 Dec 2018 — Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page. El manejo incorrecto de cuadros de alertas emergentes en Blink en Google Chrome en versiones anteriores a la 71.0.3578.80, permitía a un atacante remoto presentar interfaces de usuario de navegador confusas mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to versi... • http://www.securityfocus.com/bid/106084 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-18351 – chromium-browser: Insufficient policy enforcement in Navigation
https://notcve.org/view.php?id=CVE-2018-18351
11 Dec 2018 — Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page. La falta de validación adecuada de los frames ancestor al enviar cookies lax en Navigation en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto omita la política de la cookie SameSite mediante una página HTML manipulada. Chromium is an open-source web browser, p... • http://www.securityfocus.com/bid/106084 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17479 – chromium-browser: Use-after-free in GPU
https://notcve.org/view.php?id=CVE-2018-17479
26 Nov 2018 — Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Los cálculos incorrectos de la vida útil del objeto en el código de GPU en Google Chrome antes del 70.0.3538.110 permitieron a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to versio... • https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-chrome-os.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16072 – Gentoo Linux Security Advisory 201811-10
https://notcve.org/view.php?id=CVE-2018-16072
23 Nov 2018 — A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page. La falta de una comprobación de origen relacionada con los manifiestos HLS en Blink en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto omitiese la política del mismo origen mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of... • http://www.securityfocus.com/bid/105215 • CWE-346: Origin Validation Error •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17478 – chromium-browser: Out of bounds memory access in V8
https://notcve.org/view.php?id=CVE-2018-17478
20 Nov 2018 — Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Los cálculos incorrectos de la posición de la matriz en V8 en Google Chrome antes de 70.0.3538.102 permitieron a un atacante remoto explotar la corrupción de objetos a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 70.0.3538.110. Issues addressed ... • https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-desktop.html • CWE-129: Improper Validation of Array Index •
CVSS: 9.6EPSS: 0%CPEs: 6EXPL: 0CVE-2018-17472 – Gentoo Linux Security Advisory 201811-10
https://notcve.org/view.php?id=CVE-2018-17472
14 Nov 2018 — Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the