CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6109 – chromium-browser: Incorrect handling of files by FileAPI
https://notcve.org/view.php?id=CVE-2018-6109
24 Apr 2018 — readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page. readAsText() puede leer indefinidamente el archivo escogido por el usuario, en lugar de solo una vez cuando se elige el archivo en la API File en Google Chrome , en versiones anteriores a la 66.0.3359.117, lo que permitía que un... • http://www.securityfocus.com/bid/103917 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6113 – chromium-browser: URL spoof in Navigation
https://notcve.org/view.php?id=CVE-2018-6113
24 Apr 2018 — Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page. El manejo incorrecto de las entradas de navegación pendientes en Navigation en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase dominios mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to versio... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6094 – chromium-browser: Exploit hardening regression in Oilpan
https://notcve.org/view.php?id=CVE-2018-6094
24 Apr 2018 — Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Los metadatos inline en GarbageCollection en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.117... • http://www.securityfocus.com/bid/103917 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6104 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6104
24 Apr 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This ... • http://www.securityfocus.com/bid/103917 •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6095 – chromium-browser: Lack of meaningful user interaction requirement before file upload
https://notcve.org/view.php?id=CVE-2018-6095
24 Apr 2018 — Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page. La eliminación incorrecta del selector de archivos en los eventos del teclado en Blink en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto leyese archivos locales mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to ... • http://www.securityfocus.com/bid/103917 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6098 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6098
24 Apr 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This ... • http://www.securityfocus.com/bid/103917 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6115 – Gentoo Linux Security Advisory 201804-22
https://notcve.org/view.php?id=CVE-2018-6115
24 Apr 2018 — Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page. La configuración incorrecta de la marca SEE_MASK_FLAG_NO_UI en las descargas de archivos en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto omitiese las comprobaciones de malware del sistema operativo mediante una página HTML manipulada. Multiple vulnerabilities hav... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6099 – chromium-browser: CORS bypass in ServiceWorker
https://notcve.org/view.php?id=CVE-2018-6099
24 Apr 2018 — A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. La falta de comprobación de CORS en Blink en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto filtrase datos cross-origin limitados mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.117. Issues addressed include buffe... • http://www.securityfocus.com/bid/103917 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6108 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6108
24 Apr 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update ... • http://www.securityfocus.com/bid/103917 •
CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6112 – chromium-browser: Incorrect URL handling in DevTools
https://notcve.org/view.php?id=CVE-2018-6112
24 Apr 2018 — Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Hacer que las URL fuesen clicables y permitiendo su formateo en DevTools en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto omitiese las restricciones de navegación mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrad... • http://www.securityfocus.com/bid/103917 • CWE-706: Use of Incorrectly-Resolved Name or Reference •