CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16074 – chromium-browser: Site Isolation bypass using Blob URLS
https://notcve.org/view.php?id=CVE-2018-16074
09 Sep 2018 — Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. La aplicación insuficiente de políticas en el aislamiento del sitio en Google Chrome antes de 69.0.3497.81 permitió a un atacante remoto omitir el aislamiento del sitio a través de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed include bu... • https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html • CWE-285: Improper Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16085 – chromium-browser: Use after free in Memory Instrumentation
https://notcve.org/view.php?id=CVE-2018-16085
09 Sep 2018 — A use after free in ResourceCoordinator in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en ResourceCoordinator en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to ... • http://www.securityfocus.com/bid/105215 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16081 – chromium-browser: Local file access in DevTools
https://notcve.org/view.php?id=CVE-2018-16081
09 Sep 2018 — Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension. Permitir que la API chrome.debugger se ejecutase en las URL file:// en DevTools en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante que hubiese convencido a un usuario para que instale una exte... • http://www.securityfocus.com/bid/105215 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16070 – chromium-browser: Integer overflow in Skia
https://notcve.org/view.php?id=CVE-2018-16070
09 Sep 2018 — Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Los desbordamientos de enteros en Skia en Google Chrome antes de 69.0.3497.81 permitieron a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed include buffer overflow, byp... • https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16082 – chromium-browser: Stack buffer overflow in SwiftShader
https://notcve.org/view.php?id=CVE-2018-16082
09 Sep 2018 — An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Una lectura fuera de límites en Swiftshader en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto pudiese realizar un acceso a la memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.... • http://www.securityfocus.com/bid/105215 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16084 – chromium-browser: User confirmation bypass in external protocol handling
https://notcve.org/view.php?id=CVE-2018-16084
09 Sep 2018 — The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page. El botón de diálogo seleccionado por defecto en CustomHandlers en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto, que hubiese convencido a un usuario para que realizase ciertas operaciones, abriese programas externos mediante una página HTML manip... • http://www.securityfocus.com/bid/105215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 11%CPEs: 4EXPL: 2CVE-2018-16071 – WebRTC - VP9 Processing Use-After-Free
https://notcve.org/view.php?id=CVE-2018-16071
09 Sep 2018 — A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Uso de memoria previamente liberada en WebRTC en Google Chrome en versiones anteriores a la 69.0.3497.81 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo de vídeo manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issu... • https://packetstorm.news/files/id/149459 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 0CVE-2018-16066 – chromium-browser: Out of bounds read in Blink
https://notcve.org/view.php?id=CVE-2018-16066
09 Sep 2018 — A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Blink en Google Chrome en versiones anteriores a la 69.0.3497.81 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues a... • http://www.securityfocus.com/bid/105215 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16073 – chromium-browser: Site Isolation bypass after tab restore
https://notcve.org/view.php?id=CVE-2018-16073
09 Sep 2018 — Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. La aplicación insuficiente de políticas en el aislamiento del sitio en Google Chrome antes de 69.0.3497.81 permitió a un atacante remoto omitir el aislamiento del sitio a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed include b... • https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html • CWE-285: Improper Authorization •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2018-16068 – chromium-browser: Out of bounds write in Mojo
https://notcve.org/view.php?id=CVE-2018-16068
09 Sep 2018 — Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Falta de validación en Mojo en Google Chrome en versiones anteriores a la 69.0.3497.81 permitía que un atacante remoto realizase un escape del sandbox mediante una página HTML manipulada. Chrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message ... • http://www.securityfocus.com/bid/105215 • CWE-20: Improper Input Validation •