CVSS: 8.8EPSS: 30%CPEs: 6EXPL: 2CVE-2018-6092 – Google Chrome - Integer Overflow when Processing WebAssembly Locals
https://notcve.org/view.php?id=CVE-2018-6092
24 Apr 2018 — An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Un desbordamiento de enteros en sistemas de 32 bits en WebAssembly en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrade... • https://packetstorm.news/files/id/148090 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6096 – chromium-browser: Fullscreen UI spoof
https://notcve.org/view.php?id=CVE-2018-6096
24 Apr 2018 — A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. Una ventana centrada con JavaScript podría superponerse a la notificación de pantalla completa en Fullscreen en Google Chrome, en versiones anteriores a la 66.0.3359.117, lo que permitía que un atacante remoto ocultase la advertencia de pantalla completa mediante una página HTML manipulada. Chromium i... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 0CVE-2018-6097 – chromium-browser: Fullscreen UI spoof
https://notcve.org/view.php?id=CVE-2018-6097
24 Apr 2018 — Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. La gestión incorrecta de los métodos asíncronos en Fullscreen en Google Chrome, en versiones anteriores a la 66.0.3359.117 para macOS, permitía que un atacante remoto pudiese entrar en modo de pantalla completa sin mostrar un aviso mediante una página HTML manipulada. Chromium is an open-source web browser,... • http://www.securityfocus.com/bid/103917 • CWE-19: Data Processing Errors •
CVSS: 8.8EPSS: 6%CPEs: 6EXPL: 0CVE-2018-6087 – chromium-browser: Use after free in WebAssembly
https://notcve.org/view.php?id=CVE-2018-6087
24 Apr 2018 — A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Un uso de memoria previamente liberada en WebAssembly en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.11... • http://www.securityfocus.com/bid/103917 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6117 – chromium-browser: Confusing autofill settings
https://notcve.org/view.php?id=CVE-2018-6117
24 Apr 2018 — Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Las opciones confusas en Autofill en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitían que un atacante remoto pudiese obtener información potencialmente sensible del la memoria del proceso mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades C... • http://www.securityfocus.com/bid/103917 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 2%CPEs: 6EXPL: 0CVE-2018-6116 – chromium-browser: Incorrect low memory handling in WebAssembly
https://notcve.org/view.php?id=CVE-2018-6116
24 Apr 2018 — A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Una desreferencia nullptr en WebAssembly en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto pudiese realizar un acceso a la memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0... • http://www.securityfocus.com/bid/103917 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6091 – chromium-browser: Incorrect handling of plug-ins by Service Worker
https://notcve.org/view.php?id=CVE-2018-6091
24 Apr 2018 — Service Workers can intercept any request made by an
CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 0CVE-2018-6100 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6100
24 Apr 2018 — Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 66.0.3359.117 para macOS, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. Chromium is an open-source web browser, powe... • http://www.securityfocus.com/bid/103917 • CWE-19: Data Processing Errors •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2018-6084 – Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-6084
21 Mar 2018 — Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file. Los objetos distribuidos poco saneados en Updater en Google Chrome, en versiones anteriores a la 66.0.3359.117 para macOS, permitían que un atacante local ejecutase código arbitrario mediante un archivo ejecutable. Google software updater suffers from a local privilege escalation vulnerability on MacOS due to unsafe use of Distrib... • https://packetstorm.news/files/id/146846 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6068 – Gentoo Linux Security Advisory 201803-05
https://notcve.org/view.php?id=CVE-2018-6068
14 Mar 2018 — Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Problemas de ciclo de vida de objetos en Chrome Custom Tab en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of... • http://www.securityfocus.com/bid/103297 • CWE-20: Improper Input Validation •