CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6144 – chromium-browser: Out of bounds memory access in PDFium
https://notcve.org/view.php?id=CVE-2018-6144
07 Jun 2018 — Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. Un error por un paso en PDFium en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto pudiese realizar una escritura de memoria fuera de límites mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed inclu... • http://www.securityfocus.com/bid/104309 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6141 – chromium-browser: Heap buffer overflow in Skia
https://notcve.org/view.php?id=CVE-2018-6141
07 Jun 2018 — Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. La validación insuficiente de un filtro de imagen en Skia en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto, que hubiese comprometido el proceso renderer, pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipula... • http://www.securityfocus.com/bid/104309 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6136 – chromium-browser: Out of bounds memory access in V8
https://notcve.org/view.php?id=CVE-2018-6136
07 Jun 2018 — Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Falta la verificación de tipo en V8 en Google Chrome antes de 67.0.3396.62 permitió a un atacante remoto realizar una lectura de memoria fuera de límites a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed include buffer overflow and bypass... • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6145 – chromium-browser: Incorrect escaping of MathML in Blink
https://notcve.org/view.php?id=CVE-2018-6145
07 Jun 2018 — Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Una validación de datos insuficiente en el analizador de HTML en Google Chrome antes de 67.0.3396.62 permitió que un atacante remoto pasara por alto la misma política de origen a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed inc... • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6134 – chromium-browser: Referrer Policy bypass in Blink
https://notcve.org/view.php?id=CVE-2018-6134
07 Jun 2018 — Information leak in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. La filtración de información en Blink en Google Chrome antes de 67.0.3396.62 permitió a un atacante remoto eludir la política sin referencia a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed include buffer overflow and bypass vulnerabilities. • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 2%CPEs: 5EXPL: 0CVE-2018-6143 – chromium-browser: Out of bounds memory access in V8
https://notcve.org/view.php?id=CVE-2018-6143
07 Jun 2018 — Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Validación insuficiente en V8 en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed incl... • http://www.securityfocus.com/bid/104309 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6122 – chromium-browser: Type confusion in V8
https://notcve.org/view.php?id=CVE-2018-6122
15 May 2018 — Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en WebAssembly en Google Chrome versiones anteriores a 66.0.3359.139, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in privilege escalation. Versions less ... • https://crbug.com/836141 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 0CVE-2018-6120 – chromium-browser: Heap buffer overflow in PDFium
https://notcve.org/view.php?id=CVE-2018-6120
15 May 2018 — An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Un desbordamiento de enteros que conduce a una escritura fuera de límites basada en memoria dinámica (heap) controlada por el atacante en PDFium en Google Chrome en versiones anteriores a la 66.0.3359.170 permitía que un atacante remoto ejecutase código arbitrario dentro de un sand... • http://www.securityfocus.com/bid/104143 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6121 – chromium-browser: Privilege Escalation in extensions
https://notcve.org/view.php?id=CVE-2018-6121
15 May 2018 — Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page. La validación insuficiente de la entrada en Blink en Google Chrome antes de 66.0.3359.170 permitió a un atacante remoto realizar una escalada de privilegios a través de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in privilege escalation. Versions less than 66.0... • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6118 – chromium-browser: Use after free in Media Cache
https://notcve.org/view.php?id=CVE-2018-6118
03 May 2018 — A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Un doble desalojo en la memoria caché en modo Incógnito que llevó a un usuario después de la memoria caché libre en Google Chrome antes de 66.0.3359.139 permitió que un atacante remoto que había comprometido el proceso del renderizador ejecutara código arbitrario a tr... • https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •