CVSS: 8.8EPSS: 12%CPEs: 4EXPL: 2CVE-2018-16083 – WebRTC - FEC Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2018-16083
09 Sep 2018 — An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Una lectura fuera de límites en el código de redirección de corrección de errores en WebRTC en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser... • https://packetstorm.news/files/id/149460 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-16080 – chromium-browser: URL spoof in full screen mode
https://notcve.org/view.php?id=CVE-2018-16080
09 Sep 2018 — A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. La falta de comprobaciones para la gestión de ventanas desplegables en Fullscreen en Google Chrome, en versiones anteriores a la 69.0.3497.81, en macOS permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. Chromium is an open-source web ... • http://www.securityfocus.com/bid/105215 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16070 – chromium-browser: Integer overflow in Skia
https://notcve.org/view.php?id=CVE-2018-16070
09 Sep 2018 — Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Los desbordamientos de enteros en Skia en Google Chrome antes de 69.0.3497.81 permitieron a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed include buffer overflow, byp... • https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16074 – chromium-browser: Site Isolation bypass using Blob URLS
https://notcve.org/view.php?id=CVE-2018-16074
09 Sep 2018 — Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. La aplicación insuficiente de políticas en el aislamiento del sitio en Google Chrome antes de 69.0.3497.81 permitió a un atacante remoto omitir el aislamiento del sitio a través de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed include bu... • https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html • CWE-285: Improper Authorization •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2018-16068 – chromium-browser: Out of bounds write in Mojo
https://notcve.org/view.php?id=CVE-2018-16068
09 Sep 2018 — Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Falta de validación en Mojo en Google Chrome en versiones anteriores a la 69.0.3497.81 permitía que un atacante remoto realizase un escape del sandbox mediante una página HTML manipulada. Chrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message ... • http://www.securityfocus.com/bid/105215 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16069 – chromium-browser: Out of bounds read in SwiftShader
https://notcve.org/view.php?id=CVE-2018-16069
09 Sep 2018 — Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La acumulación involuntaria de errores de punto flotante en SwiftShader en Google Chrome antes del 69.0.3497.81 permitió a un atacante remoto filtrar datos de cross-origin través de una página HTML creada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed... • https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16076 – chromium-browser: Out of bounds read in PDFium
https://notcve.org/view.php?id=CVE-2018-16076
09 Sep 2018 — Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. La falta de comprobación de límites en PDFium en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues... • http://www.securityfocus.com/bid/105215 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16077 – chromium-browser: Content security policy bypass in Blink
https://notcve.org/view.php?id=CVE-2018-16077
09 Sep 2018 — Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass content security policy via a crafted HTML page. El problema del ciclo de vida de los objetos en Blink en Google Chrome antes de 69.0.3497.81 permitió a un atacante remoto eludir la política de seguridad de contenido a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues addressed include buffer over... • https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html • CWE-285: Improper Authorization •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16081 – chromium-browser: Local file access in DevTools
https://notcve.org/view.php?id=CVE-2018-16081
09 Sep 2018 — Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension. Permitir que la API chrome.debugger se ejecutase en las URL file:// en DevTools en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante que hubiese convencido a un usuario para que instale una exte... • http://www.securityfocus.com/bid/105215 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15406 – chromium-browser: stack overflow in v8
https://notcve.org/view.php?id=CVE-2017-15406
28 Aug 2018 — A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un desbordamiento de búfer basado en pila en V8 en Google Chrome, en versiones anteriores a la 62.0.3202.75, permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. • https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •