CVSS: 8.8EPSS: 8%CPEs: 5EXPL: 0CVE-2018-16065 – chromium-browser: Out of bounds write in V8
https://notcve.org/view.php?id=CVE-2018-16065
09 Sep 2018 — A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Problemas de reentrada de JavaScript que provocaban un uso de memoria previamente liberada en V8 en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. Chromium is an open-source web browse... • http://www.securityfocus.com/bid/105215 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15406 – chromium-browser: stack overflow in v8
https://notcve.org/view.php?id=CVE-2017-15406
28 Aug 2018 — A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un desbordamiento de búfer basado en pila en V8 en Google Chrome, en versiones anteriores a la 62.0.3202.75, permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. • https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15430
https://notcve.org/view.php?id=CVE-2017-15430
28 Aug 2018 — Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. La insuficiente validación de datos en el plugin Chromecast en Google Chrome antes del 63.0.3239.84 permitió a un atacante remoto inyectar scripts arbitrarios o HTML (UXSS) a través de una página HTML diseñada. • https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6160 – Gentoo Linux Security Advisory 201808-01
https://notcve.org/view.php?id=CVE-2018-6160
22 Aug 2018 — JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. El manejo de alertas de JavaScript en Prompts en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which allows remote... • http://www.securityfocus.com/bid/104887 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6154 – chromium-browser: Heap buffer overflow in WebGL
https://notcve.org/view.php?id=CVE-2018-6154
27 Jul 2018 — Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La insuficiente validación de datos en WebGL en Google Chrome antes de 68.0.3440.75 permitió a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addressed include buffer ... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6155 – chromium-browser: Use after free in WebRTC
https://notcve.org/view.php?id=CVE-2018-6155
27 Jul 2018 — Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. El manejo incorrecto de los cuadros en el analizador VP8 en Google Chrome antes de 68.0.3440.75 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de un archivo de video creado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addr... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6156 – chromium-browser: Heap buffer overflow in WebRTC
https://notcve.org/view.php?id=CVE-2018-6156
27 Jul 2018 — Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. La derivación incorrecta de la longitud de un paquete en WebRTC en Google Chrome antes de 68.0.3440.75 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de un archivo de video diseñado. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted webs... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6157 – chromium-browser: Type confusion in WebRTC
https://notcve.org/view.php?id=CVE-2018-6157
27 Jul 2018 — Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. La confusión de tipos en WebRTC en Google Chrome antes de 68.0.3440.75 permitió a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo de video creado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addressed include buffer overflow, bypass, and... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2018-6158 – chromium-browser: Use after free in Blink
https://notcve.org/view.php?id=CVE-2018-6158
27 Jul 2018 — A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una condición de carrera en Oilpan en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addressed i... • http://www.securityfocus.com/bid/104887 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6159 – chromium-browser: Same origin policy bypass in ServiceWorker
https://notcve.org/view.php?id=CVE-2018-6159
27 Jul 2018 — Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. La aplicación insuficiente de políticas en ServiceWorker en Google Chrome antes de 68.0.3440.75 permitió que un atacante remoto obtuviera información potencialmente sensible de la memoria de proceso a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update u... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •