CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6160 – Gentoo Linux Security Advisory 201808-01
https://notcve.org/view.php?id=CVE-2018-6160
22 Aug 2018 — JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. El manejo de alertas de JavaScript en Prompts en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which allows remote... • http://www.securityfocus.com/bid/104887 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6156 – chromium-browser: Heap buffer overflow in WebRTC
https://notcve.org/view.php?id=CVE-2018-6156
27 Jul 2018 — Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. La derivación incorrecta de la longitud de un paquete en WebRTC en Google Chrome antes de 68.0.3440.75 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de un archivo de video diseñado. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted webs... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6167 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6167
27 Jul 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/104887 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6176 – chromium-browser: Local user privilege escalation in Extensions
https://notcve.org/view.php?id=CVE-2018-6176
27 Jul 2018 — Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension. La aplicación insuficiente del tipo de archivo en la API de Extensions en Google Chrome antes de 68.0.3440.75 permitió que un atacante remoto que había comprometido el proceso del renderizador realizara una escalada de privilegios a través de una extensión de Chrome diseñada. Chromium is ... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6175 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6175
27 Jul 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/104887 •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6165 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6165
27 Jul 2018 — Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. La gestión incorrecta de las recargas en Navigation en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to... • http://www.securityfocus.com/bid/104887 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6163 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6163
27 Jul 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/104887 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6172 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6172
27 Jul 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/104887 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6177 – chromium-browser: Cross origin information leak in Blink
https://notcve.org/view.php?id=CVE-2018-6177
27 Jul 2018 — Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La fuga de información en el motor de medios en Google Chrome antes de 68.0.3440.75 permitió a un atacante remoto filtrar datos de origen cruzado a través de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addressed include buffer overflow, bypass, and information ... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6157 – chromium-browser: Type confusion in WebRTC
https://notcve.org/view.php?id=CVE-2018-6157
27 Jul 2018 — Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. La confusión de tipos en WebRTC en Google Chrome antes de 68.0.3440.75 permitió a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo de video creado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addressed include buffer overflow, bypass, and... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-704: Incorrect Type Conversion or Cast •