CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6103 – chromium-browser: UI spoof in Permissions
https://notcve.org/view.php?id=CVE-2018-6103
24 Apr 2018 — A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page. Un mensaje de permisos estancado en Prompts en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto omitiese las políticas de permisos mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.117. Issues addressed include buf... • http://www.securityfocus.com/bid/103917 •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6104 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6104
24 Apr 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This ... • http://www.securityfocus.com/bid/103917 •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6105 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6105
24 Apr 2018 — Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en Omnibox en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgra... • http://www.securityfocus.com/bid/103917 •
CVSS: 8.8EPSS: 3%CPEs: 6EXPL: 1CVE-2018-6106 – chromium-browser: Incorrect handling of promises in V8
https://notcve.org/view.php?id=CVE-2018-6106
24 Apr 2018 — An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page. Un generador asíncrono podría devolver un estado incorrecto en V8 en Google Chrome, en versiones anteriores a la 66.0.3359.117, lo que permite que un atacante remoto explote una corrupción de objetos mediante una página HTML manipulada. Google Chrome V8 Await methods call ResolveNativePromise which calls InternalRes... • https://packetstorm.news/files/id/147386 • CWE-19: Data Processing Errors •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6107 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6107
24 Apr 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This ... • http://www.securityfocus.com/bid/103917 •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6108 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6108
24 Apr 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update ... • http://www.securityfocus.com/bid/103917 •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6109 – chromium-browser: Incorrect handling of files by FileAPI
https://notcve.org/view.php?id=CVE-2018-6109
24 Apr 2018 — readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page. readAsText() puede leer indefinidamente el archivo escogido por el usuario, en lugar de solo una vez cuando se elige el archivo en la API File en Google Chrome , en versiones anteriores a la 66.0.3359.117, lo que permitía que un... • http://www.securityfocus.com/bid/103917 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6110 – chromium-browser: Incorrect handling of plaintext files via file://
https://notcve.org/view.php?id=CVE-2018-6110
24 Apr 2018 — Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page. El análisis de documentos como HTML en Downloads en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto provocase que Chrome ejecutase scripts mediante una página local que no fuese HTML. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.117. Iss... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6111 – chromium-browser: Heap-use-after-free in DevTools
https://notcve.org/view.php?id=CVE-2018-6111
24 Apr 2018 — An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page. Un problema de ciclo de vida de objetos en el manejador de la red de herramientas de desarrollador en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante local ejecutase código arbitrario mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgr... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6112 – chromium-browser: Incorrect URL handling in DevTools
https://notcve.org/view.php?id=CVE-2018-6112
24 Apr 2018 — Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Hacer que las URL fuesen clicables y permitiendo su formateo en DevTools en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto omitiese las restricciones de navegación mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrad... • http://www.securityfocus.com/bid/103917 • CWE-706: Use of Incorrectly-Resolved Name or Reference •