CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6178 – chromium-browser: UI spoof in Extensions
https://notcve.org/view.php?id=CVE-2018-6178
27 Jul 2018 — Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension. La anulación por el lado incorrecto en una barra de información en DevTools en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante, que hubiese convencido a un usuario para que instale una extensión maliciosa, ocultase la UI de seguridad de Chrome mediant... • http://www.securityfocus.com/bid/104887 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6168 – chromium-browser: CORS bypass in Blink
https://notcve.org/view.php?id=CVE-2018-6168
27 Jul 2018 — Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. La fuga de información en el motor de medios en Google Chrome antes de 68.0.3440.75 permitió que un atacante remoto obtuviera información potencialmente sensible de la memoria de proceso a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version ... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6155 – chromium-browser: Use after free in WebRTC
https://notcve.org/view.php?id=CVE-2018-6155
27 Jul 2018 — Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. El manejo incorrecto de los cuadros en el analizador VP8 en Google Chrome antes de 68.0.3440.75 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de un archivo de video creado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addr... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6170 – chromium-browser: Type confusion in PDFium
https://notcve.org/view.php?id=CVE-2018-6170
27 Jul 2018 — A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Una mala conversión en PDFium en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addressed include buffer... • http://www.securityfocus.com/bid/104887 • CWE-704: Incorrect Type Conversion or Cast CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6161 – chromium-browser: Same origin policy bypass in WebAudio
https://notcve.org/view.php?id=CVE-2018-6161
27 Jul 2018 — Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. La aplicación insuficiente de políticas en Blink en Google Chrome antes de 68.0.3440.75 permitió que un atacante remoto pasara por alto la misma política de origen a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Issues addressed include buffer over... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6152 – chromium-browser: Local file write in DevTools
https://notcve.org/view.php?id=CVE-2018-6152
27 Jul 2018 — The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction. La implementación del backend Page.downloadBehavior marcaba incondicionalmente los archivos descargados como seguros, independientemente del tipo de archivo en Google Chrome, en versi... • http://www.securityfocus.com/bid/104887 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6166 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6166
27 Jul 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/104887 •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6164 – chromium-browser: Same origin policy bypass in ServiceWorker
https://notcve.org/view.php?id=CVE-2018-6164
27 Jul 2018 — Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Comprobación de origen insuficiente para el contenido CSS en Blink en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto filtrase los datos cross-origin mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. I... • http://www.securityfocus.com/bid/104887 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6159 – chromium-browser: Same origin policy bypass in ServiceWorker
https://notcve.org/view.php?id=CVE-2018-6159
27 Jul 2018 — Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. La aplicación insuficiente de políticas en ServiceWorker en Google Chrome antes de 68.0.3440.75 permitió que un atacante remoto obtuviera información potencialmente sensible de la memoria de proceso a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update u... • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-6151 – chromium-browser: Bad cast in DevTools
https://notcve.org/view.php?id=CVE-2018-6151
27 Jul 2018 — Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. Una mala conversión en DevTools en Google Chrome, en versiones anteriores a la 66.0.3359.117 para Windows, Linux, Mac y Chrome OS, permitía que un atacante, que hubiese convencido a un usuario para que instale una extensión maliciosa, realizase una lectura de memoria fuera d... • http://www.securityfocus.com/bid/104887 • CWE-125: Out-of-bounds Read •