CVSS: 6.5EPSS: 2%CPEs: 6EXPL: 0CVE-2018-6116 – chromium-browser: Incorrect low memory handling in WebAssembly
https://notcve.org/view.php?id=CVE-2018-6116
04 Dec 2018 — A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Una desreferencia nullptr en WebAssembly en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto pudiese realizar un acceso a la memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103917 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17479 – chromium-browser: Use-after-free in GPU
https://notcve.org/view.php?id=CVE-2018-17479
26 Nov 2018 — Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Los cálculos incorrectos de la vida útil del objeto en el código de GPU en Google Chrome antes del 70.0.3538.110 permitieron a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to versio... • https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-chrome-os.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16072 – Gentoo Linux Security Advisory 201811-10
https://notcve.org/view.php?id=CVE-2018-16072
23 Nov 2018 — A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page. La falta de una comprobación de origen relacionada con los manifiestos HLS en Blink en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto omitiese la política del mismo origen mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of... • http://www.securityfocus.com/bid/105215 • CWE-346: Origin Validation Error •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17478 – chromium-browser: Out of bounds memory access in V8
https://notcve.org/view.php?id=CVE-2018-17478
20 Nov 2018 — Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Los cálculos incorrectos de la posición de la matriz en V8 en Google Chrome antes de 70.0.3538.102 permitieron a un atacante remoto explotar la corrupción de objetos a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 70.0.3538.110. Issues addressed ... • https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-desktop.html • CWE-129: Improper Validation of Array Index •
CVSS: 9.6EPSS: 0%CPEs: 6EXPL: 0CVE-2018-17472 – Gentoo Linux Security Advisory 201811-10
https://notcve.org/view.php?id=CVE-2018-17472
14 Nov 2018 — Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the