CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6089 – chromium-browser: Same origin policy bypass in Service Worker
https://notcve.org/view.php?id=CVE-2018-6089
24 Apr 2018 — A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. La falta de comprobación de CORS tras una redirección de un Service Worker a un PDF cross-origin en Service Worker en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto filtrase datos cross-origin limitados mediante una página HTML manipulada. Chrom... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6094 – chromium-browser: Exploit hardening regression in Oilpan
https://notcve.org/view.php?id=CVE-2018-6094
24 Apr 2018 — Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Los metadatos inline en GarbageCollection en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.117... • http://www.securityfocus.com/bid/103917 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6098 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6098
24 Apr 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This ... • http://www.securityfocus.com/bid/103917 •
CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6110 – chromium-browser: Incorrect handling of plaintext files via file://
https://notcve.org/view.php?id=CVE-2018-6110
24 Apr 2018 — Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page. El análisis de documentos como HTML en Downloads en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto provocase que Chrome ejecutase scripts mediante una página local que no fuese HTML. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.117. Iss... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 9.6EPSS: 8%CPEs: 6EXPL: 0CVE-2018-6085 – chromium-browser: Use after free in Disk Cache
https://notcve.org/view.php?id=CVE-2018-6085
24 Apr 2018 — Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page. La reentrada de un destructor en Networking Disk Cache en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto ejecutase código arbitrario mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.117. Issues addressed... • http://www.securityfocus.com/bid/103917 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 5%CPEs: 6EXPL: 0CVE-2018-6088 – chromium-browser: Use after free in PDFium
https://notcve.org/view.php?id=CVE-2018-6088
24 Apr 2018 — An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Un error de invalidación de iteradores en PDFium en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.11... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6093 – chromium-browser: Same origin bypass in Service Worker
https://notcve.org/view.php?id=CVE-2018-6093
24 Apr 2018 — Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Comprobación de origen insuficiente en Blink en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto filtrase los datos cross-origin mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.117. Issues addressed include buffer over... • http://www.securityfocus.com/bid/103917 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6109 – chromium-browser: Incorrect handling of files by FileAPI
https://notcve.org/view.php?id=CVE-2018-6109
24 Apr 2018 — readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page. readAsText() puede leer indefinidamente el archivo escogido por el usuario, en lugar de solo una vez cuando se elige el archivo en la API File en Google Chrome , en versiones anteriores a la 66.0.3359.117, lo que permitía que un... • http://www.securityfocus.com/bid/103917 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.6EPSS: 8%CPEs: 6EXPL: 0CVE-2018-6086 – chromium-browser: Use after free in Disk Cache
https://notcve.org/view.php?id=CVE-2018-6086
24 Apr 2018 — A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Una doble expulsión en la caché del modo incógnito que conducía a un uso de memoria previamente liberada en Networking Disk Cache en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto ejecutase código arbitrario mediante una página HTML manipulada. Chro... • http://www.securityfocus.com/bid/103917 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6095 – chromium-browser: Lack of meaningful user interaction requirement before file upload
https://notcve.org/view.php?id=CVE-2018-6095
24 Apr 2018 — Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page. La eliminación incorrecta del selector de archivos en los eventos del teclado en Blink en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto leyese archivos locales mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to ... • http://www.securityfocus.com/bid/103917 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •