CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6144 – chromium-browser: Out of bounds memory access in PDFium
https://notcve.org/view.php?id=CVE-2018-6144
07 Jun 2018 — Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. Un error por un paso en PDFium en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto pudiese realizar una escritura de memoria fuera de límites mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed inclu... • http://www.securityfocus.com/bid/104309 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6134 – chromium-browser: Referrer Policy bypass in Blink
https://notcve.org/view.php?id=CVE-2018-6134
07 Jun 2018 — Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. La filtración de información en Blink en Google Chrome antes de 67.0.3396.62 permitió a un atacante remoto eludir la política sin referencia a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed include buffer overflow and bypass vulnerabilities. • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 2%CPEs: 5EXPL: 0CVE-2018-6143 – chromium-browser: Out of bounds memory access in V8
https://notcve.org/view.php?id=CVE-2018-6143
07 Jun 2018 — Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Validación insuficiente en V8 en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed incl... • http://www.securityfocus.com/bid/104309 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6145 – chromium-browser: Incorrect escaping of MathML in Blink
https://notcve.org/view.php?id=CVE-2018-6145
07 Jun 2018 — Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Una validación de datos insuficiente en el analizador de HTML en Google Chrome antes de 67.0.3396.62 permitió que un atacante remoto pasara por alto la misma política de origen a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed inc... • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6127 – chromium-browser: Use after free in indexedDB
https://notcve.org/view.php?id=CVE-2018-6127
07 Jun 2018 — Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. La liberación temprana del objeto en uso en IndexDB en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto, que hubiese comprometido el proceso renderer, pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipulada. Chromium is an... • http://www.securityfocus.com/bid/104309 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 27%CPEs: 6EXPL: 2CVE-2018-6126 – Skia - Heap Overflow in SkScan::FillPath due to Precision Error
https://notcve.org/view.php?id=CVE-2018-6126
07 Jun 2018 — A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Un error de precisión en Skia en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipulada. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Fir... • https://packetstorm.news/files/id/148684 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6139 – chromium-browser: Restrictions bypass in the debugger extension API
https://notcve.org/view.php?id=CVE-2018-6139
07 Jun 2018 — Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Las comprobaciones de destino insuficientes en la API chrome.debugger en DevTools en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante, que hubiese convencido a un usuario para que instale una extensión maliciosa, ejecute código arbitrario me... • http://www.securityfocus.com/bid/104309 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6132 – chromium-browser: Use of uninitialized memory in WebRTC
https://notcve.org/view.php?id=CVE-2018-6132
07 Jun 2018 — Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Los datos no inicializados en WebRTC en Google Chrome antes de 67.0.3396.62 permitieron a un atacante remoto obtener información potencialmente sensible de la memoria de proceso a través de un archivo de video creado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.... • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html • CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6142 – chromium-browser: Out of bounds memory access in V8
https://notcve.org/view.php?id=CVE-2018-6142
07 Jun 2018 — Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. el fallo en la verificación de los límites de la matriz en V8 en Google Chrome antes de 67.0.3396.62 permitió a un atacante remoto realizar una lectura de memoria fuera de los límites a través de un archivo PDF diseñado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addresse... • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6131 – chromium-browser: Incorrect mutability protection in WebAssembly
https://notcve.org/view.php?id=CVE-2018-6131
07 Jun 2018 — Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El problema del lifecycle del objeto en WebAssembly en Google Chrome antes de 67.0.3396.62 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed includ... • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html • CWE-787: Out-of-bounds Write •