CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6144 – chromium-browser: Out of bounds memory access in PDFium
https://notcve.org/view.php?id=CVE-2018-6144
07 Jun 2018 — Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. Un error por un paso en PDFium en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto pudiese realizar una escritura de memoria fuera de límites mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed inclu... • http://www.securityfocus.com/bid/104309 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6139 – chromium-browser: Restrictions bypass in the debugger extension API
https://notcve.org/view.php?id=CVE-2018-6139
07 Jun 2018 — Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Las comprobaciones de destino insuficientes en la API chrome.debugger en DevTools en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante, que hubiese convencido a un usuario para que instale una extensión maliciosa, ejecute código arbitrario me... • http://www.securityfocus.com/bid/104309 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6135 – chromium-browser: UI spoofing in Blink
https://notcve.org/view.php?id=CVE-2018-6135
07 Jun 2018 — Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. La falta de limpieza del sitio anterior antes de cargar alertas de otro nuevo en Blink en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto realizase la suplantación de dominios mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. ... • http://www.securityfocus.com/bid/104309 •
CVSS: 9.3EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6140 – chromium-browser: Restrictions bypass in the debugger extension API
https://notcve.org/view.php?id=CVE-2018-6140
07 Jun 2018 — Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Permitir que la API chrome.debugger se adjunte en las páginas de Web UI en DevTools en Google Chrome en versiones anteriores a la 67.0.3396.62 permitía que un atacante que hubiese convencido a un usuario para que instale una extensión maliciosa ejecute código arbitrario... • http://www.securityfocus.com/bid/104309 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6137 – chromium-browser: Leak of visited status of page in Blink
https://notcve.org/view.php?id=CVE-2018-6137
07 Jun 2018 — CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La API CSS Paint en Blink en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto filtrase los datos cross-origin mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed include buffer overflow and bypass vulnerabilities. • http://www.securityfocus.com/bid/104309 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6134 – chromium-browser: Referrer Policy bypass in Blink
https://notcve.org/view.php?id=CVE-2018-6134
07 Jun 2018 — Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. La filtración de información en Blink en Google Chrome antes de 67.0.3396.62 permitió a un atacante remoto eludir la política sin referencia a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed include buffer overflow and bypass vulnerabilities. • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6145 – chromium-browser: Incorrect escaping of MathML in Blink
https://notcve.org/view.php?id=CVE-2018-6145
07 Jun 2018 — Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Una validación de datos insuficiente en el analizador de HTML en Google Chrome antes de 67.0.3396.62 permitió que un atacante remoto pasara por alto la misma política de origen a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed inc... • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6133 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6133
07 Jun 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This up... • http://www.securityfocus.com/bid/104309 • CWE-19: Data Processing Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-6130 – WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access
https://notcve.org/view.php?id=CVE-2018-6130
07 Jun 2018 — Incorrect handling of object lifetimes in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. El manejo incorrecto de la vida útil de los objetos en WebRTC en Google Chrome antes de 67.0.3396.62 permitió que un atacante remoto pudiera realizar un acceso a la memoria fuera de límites a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to ve... • https://packetstorm.news/files/id/148093 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 0CVE-2018-6123 – chromium-browser: Use after free in Blink
https://notcve.org/view.php?id=CVE-2018-6123
07 Jun 2018 — A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Blink en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues... • http://www.securityfocus.com/bid/104309 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •