Page 173 of 2459 results (0.019 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-6102 – chromium-browser: URL spoof in Omnibox

https://notcve.org/view.php?id=CVE-2018-6102

24 Apr 2018 — Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. La falta de caracteres confundibles en Internationalization en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This ... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-6105 – chromium-browser: URL spoof in Omnibox

https://notcve.org/view.php?id=CVE-2018-6105

24 Apr 2018 — Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en Omnibox en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgra... • http://www.securityfocus.com/bid/103917 •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-6114 – chromium-browser: CSP bypass

https://notcve.org/view.php?id=CVE-2018-6114

24 Apr 2018 — Incorrect enforcement of CSP for tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page. La aplicación incorrecta de la política de seguridad de contenido (CSP) para las etiquetas en Blink en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto omitiese la política de seguridad de contenido mediante una página HTML manipulada. Chromium is an open-source web browser, powered by We... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 3%CPEs: 6EXPL: 1

CVE-2018-6106 – chromium-browser: Incorrect handling of promises in V8

https://notcve.org/view.php?id=CVE-2018-6106

24 Apr 2018 — An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page. Un generador asíncrono podría devolver un estado incorrecto en V8 en Google Chrome, en versiones anteriores a la 66.0.3359.117, lo que permite que un atacante remoto explote una corrupción de objetos mediante una página HTML manipulada. Google Chrome V8 Await methods call ResolveNativePromise which calls InternalRes... • https://packetstorm.news/files/id/147386 • CWE-19: Data Processing Errors •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-6115 – Gentoo Linux Security Advisory 201804-22

https://notcve.org/view.php?id=CVE-2018-6115

24 Apr 2018 — Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page. La configuración incorrecta de la marca SEE_MASK_FLAG_NO_UI en las descargas de archivos en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto omitiese las comprobaciones de malware del sistema operativo mediante una página HTML manipulada. Multiple vulnerabilities hav... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-6103 – chromium-browser: UI spoof in Permissions

https://notcve.org/view.php?id=CVE-2018-6103

24 Apr 2018 — A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page. Un mensaje de permisos estancado en Prompts en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto omitiese las políticas de permisos mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.117. Issues addressed include buf... • http://www.securityfocus.com/bid/103917 •

CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0

CVE-2018-6117 – chromium-browser: Confusing autofill settings

https://notcve.org/view.php?id=CVE-2018-6117

24 Apr 2018 — Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Las opciones confusas en Autofill en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitían que un atacante remoto pudiese obtener información potencialmente sensible del la memoria del proceso mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades C... • http://www.securityfocus.com/bid/103917 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0

CVE-2018-6112 – chromium-browser: Incorrect URL handling in DevTools

https://notcve.org/view.php?id=CVE-2018-6112

24 Apr 2018 — Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Hacer que las URL fuesen clicables y permitiendo su formateo en DevTools en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto omitiese las restricciones de navegación mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrad... • http://www.securityfocus.com/bid/103917 • CWE-706: Use of Incorrectly-Resolved Name or Reference •

CVSS: 8.8EPSS: 6%CPEs: 6EXPL: 0

CVE-2018-6087 – chromium-browser: Use after free in WebAssembly

https://notcve.org/view.php?id=CVE-2018-6087

24 Apr 2018 — A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Un uso de memoria previamente liberada en WebAssembly en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.11... • http://www.securityfocus.com/bid/103917 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 8%CPEs: 6EXPL: 0

CVE-2018-6101 – chromium-browser: Insufficient protection of remote debugging prototol in DevTools

https://notcve.org/view.php?id=CVE-2018-6101

24 Apr 2018 — A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server. La falta de validación del host en DevTools en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto ejecutase código arbitrario mediante una página HTML manipulada si el usuario está ejecutando un servidor de depuración DevTools remoto. Chromium is an open-sou... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •