CVSS: 8.8EPSS: 27%CPEs: 6EXPL: 2CVE-2018-6126 – Skia - Heap Overflow in SkScan::FillPath due to Precision Error
https://notcve.org/view.php?id=CVE-2018-6126
07 Jun 2018 — A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Un error de precisión en Skia en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipulada. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Fir... • https://packetstorm.news/files/id/148684 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6139 – chromium-browser: Restrictions bypass in the debugger extension API
https://notcve.org/view.php?id=CVE-2018-6139
07 Jun 2018 — Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Las comprobaciones de destino insuficientes en la API chrome.debugger en DevTools en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante, que hubiese convencido a un usuario para que instale una extensión maliciosa, ejecute código arbitrario me... • http://www.securityfocus.com/bid/104309 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6132 – chromium-browser: Use of uninitialized memory in WebRTC
https://notcve.org/view.php?id=CVE-2018-6132
07 Jun 2018 — Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Los datos no inicializados en WebRTC en Google Chrome antes de 67.0.3396.62 permitieron a un atacante remoto obtener información potencialmente sensible de la memoria de proceso a través de un archivo de video creado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.... • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html • CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6142 – chromium-browser: Out of bounds memory access in V8
https://notcve.org/view.php?id=CVE-2018-6142
07 Jun 2018 — Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. el fallo en la verificación de los límites de la matriz en V8 en Google Chrome antes de 67.0.3396.62 permitió a un atacante remoto realizar una lectura de memoria fuera de los límites a través de un archivo PDF diseñado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addresse... • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6131 – chromium-browser: Incorrect mutability protection in WebAssembly
https://notcve.org/view.php?id=CVE-2018-6131
07 Jun 2018 — Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El problema del lifecycle del objeto en WebAssembly en Google Chrome antes de 67.0.3396.62 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 67.0.3396.62. Issues addressed includ... • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 0CVE-2018-6120 – chromium-browser: Heap buffer overflow in PDFium
https://notcve.org/view.php?id=CVE-2018-6120
15 May 2018 — An integer overflow that could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Un desbordamiento de enteros que conduce a una escritura fuera de límites basada en memoria dinámica (heap) controlada por el atacante en PDFium en Google Chrome en versiones anteriores a la 66.0.3359.170 permitía que un atacante remoto ejecutase código arbitrario dentro de un sand... • http://www.securityfocus.com/bid/104143 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6121 – chromium-browser: Privilege Escalation in extensions
https://notcve.org/view.php?id=CVE-2018-6121
15 May 2018 — Insufficient validation of input in Blink in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to perform privilege escalation via a crafted HTML page. La validación insuficiente de la entrada en Blink en Google Chrome antes de 66.0.3359.170 permitió a un atacante remoto realizar una escalada de privilegios a través de una página HTML diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in privilege escalation. Versions less than 66.0... • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6122 – chromium-browser: Type confusion in V8
https://notcve.org/view.php?id=CVE-2018-6122
15 May 2018 — Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en WebAssembly en Google Chrome versiones anteriores a 66.0.3359.139, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in privilege escalation. Versions less ... • https://crbug.com/836141 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6118 – chromium-browser: Use after free in Media Cache
https://notcve.org/view.php?id=CVE-2018-6118
03 May 2018 — A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Un doble desalojo en la memoria caché en modo Incógnito que llevó a un usuario después de la memoria caché libre en Google Chrome antes de 66.0.3359.139 permitió que un atacante remoto que había comprometido el proceso del renderizador ejecutara código arbitrario a tr... • https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •
CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6112 – chromium-browser: Incorrect URL handling in DevTools
https://notcve.org/view.php?id=CVE-2018-6112
24 Apr 2018 — Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Hacer que las URL fuesen clicables y permitiendo su formateo en DevTools en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto omitiese las restricciones de navegación mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrad... • http://www.securityfocus.com/bid/103917 • CWE-706: Use of Incorrectly-Resolved Name or Reference •