CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16087 – chromium-browser: Multiple download restriction bypass
https://notcve.org/view.php?id=CVE-2018-16087
11 Sep 2018 — Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. La falta de un rastreo de estado adecuado en Permissions en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto omitiese las restricciones de navegación mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. I... • https://access.redhat.com/errata/RHSA-2018:2666 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16088 – chromium-browser: User gesture requirement bypass
https://notcve.org/view.php?id=CVE-2018-16088
11 Sep 2018 — A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page. La falta de comprobaciones para los eventos simulados por JS en Blink en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto descargase archivos arbitrarios sin entradas de usuario mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This ... • https://access.redhat.com/errata/RHSA-2018:2666 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 8%CPEs: 5EXPL: 0CVE-2018-16065 – chromium-browser: Out of bounds write in V8
https://notcve.org/view.php?id=CVE-2018-16065
09 Sep 2018 — A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Problemas de reentrada de JavaScript que provocaban un uso de memoria previamente liberada en V8 en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. Chromium is an open-source web browse... • http://www.securityfocus.com/bid/105215 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 0CVE-2018-16066 – chromium-browser: Out of bounds read in Blink
https://notcve.org/view.php?id=CVE-2018-16066
09 Sep 2018 — A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Blink en Google Chrome en versiones anteriores a la 69.0.3497.81 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues a... • http://www.securityfocus.com/bid/105215 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2018-16067 – chromium-browser: Out of bounds read in WebAudio
https://notcve.org/view.php?id=CVE-2018-16067
09 Sep 2018 — A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en WebAudio en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. ... • http://www.securityfocus.com/bid/105215 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2018-16068 – chromium-browser: Out of bounds write in Mojo
https://notcve.org/view.php?id=CVE-2018-16068
09 Sep 2018 — Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Falta de validación en Mojo en Google Chrome en versiones anteriores a la 69.0.3497.81 permitía que un atacante remoto realizase un escape del sandbox mediante una página HTML manipulada. Chrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message ... • http://www.securityfocus.com/bid/105215 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16069 – chromium-browser: Out of bounds read in SwiftShader
https://notcve.org/view.php?id=CVE-2018-16069
09 Sep 2018 — Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La acumulación involuntaria de errores de punto flotante en SwiftShader en Google Chrome antes del 69.0.3497.81 permitió a un atacante remoto filtrar datos de cross-origin través de una página HTML creada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed... • https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16070 – chromium-browser: Integer overflow in Skia
https://notcve.org/view.php?id=CVE-2018-16070
09 Sep 2018 — Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Los desbordamientos de enteros en Skia en Google Chrome antes de 69.0.3497.81 permitieron a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed include buffer overflow, byp... • https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 11%CPEs: 4EXPL: 2CVE-2018-16071 – WebRTC - VP9 Processing Use-After-Free
https://notcve.org/view.php?id=CVE-2018-16071
09 Sep 2018 — A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Uso de memoria previamente liberada en WebRTC en Google Chrome en versiones anteriores a la 69.0.3497.81 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo de vídeo manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issu... • https://packetstorm.news/files/id/149459 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16073 – chromium-browser: Site Isolation bypass after tab restore
https://notcve.org/view.php?id=CVE-2018-16073
09 Sep 2018 — Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. La aplicación insuficiente de políticas en el aislamiento del sitio en Google Chrome antes de 69.0.3497.81 permitió a un atacante remoto omitir el aislamiento del sitio a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed include b... • https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html • CWE-285: Improper Authorization •