CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6167 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6167
27 Jul 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/104887 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6176 – chromium-browser: Local user privilege escalation in Extensions
https://notcve.org/view.php?id=CVE-2018-6176
27 Jul 2018 — Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension. La aplicación insuficiente del tipo de archivo en la API de Extensions en Google Chrome antes de 68.0.3440.75 permitió que un atacante remoto que había comprometido el proceso del renderizador realizara una escalada de privilegios a través de una extensión de Chrome diseñada. Chromium is ... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6175 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6175
27 Jul 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/104887 •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6165 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6165
27 Jul 2018 — Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. La gestión incorrecta de las recargas en Navigation en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to... • http://www.securityfocus.com/bid/104887 •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6162 – chromium-browser: Heap buffer overflow in WebGL
https://notcve.org/view.php?id=CVE-2018-6162
27 Jul 2018 — Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La deserialización incorrecta en WebGL en Google Chrome, en versiones anteriores a la 68.0.3440.75 en Mac, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.34... • http://www.securityfocus.com/bid/104887 • CWE-502: Deserialization of Untrusted Data CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 8%CPEs: 5EXPL: 0CVE-2018-6174 – chromium-browser: Integer overflow in SwiftShader
https://notcve.org/view.php?id=CVE-2018-6174
27 Jul 2018 — Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page. Desbordamientos de enteros en Swiftshader en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitían que un atacante remoto ejecutase código arbitrario mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addressed include buffer over... • http://www.securityfocus.com/bid/104887 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6150 – chromium-browser: Cross origin information disclosure in Service Workers
https://notcve.org/view.php?id=CVE-2018-6150
27 Jul 2018 — Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. El manejo incorrecto de CORS en ServiceWorker en Google Chrome antes de 66.0.3359.117 permitió a un atacante remoto filtrar datos de origen cruzado a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addressed include buffer overflow, bypass, a... • https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6173 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6173
27 Jul 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/104887 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6178 – chromium-browser: UI spoof in Extensions
https://notcve.org/view.php?id=CVE-2018-6178
27 Jul 2018 — Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension. La anulación por el lado incorrecto en una barra de información en DevTools en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante, que hubiese convencido a un usuario para que instale una extensión maliciosa, ocultase la UI de seguridad de Chrome mediant... • http://www.securityfocus.com/bid/104887 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6168 – chromium-browser: CORS bypass in Blink
https://notcve.org/view.php?id=CVE-2018-6168
27 Jul 2018 — Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. La fuga de información en el motor de medios en Google Chrome antes de 68.0.3440.75 permitió que un atacante remoto obtuviera información potencialmente sensible de la memoria de proceso a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version ... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •