CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6110 – chromium-browser: Incorrect handling of plaintext files via file://
https://notcve.org/view.php?id=CVE-2018-6110
24 Apr 2018 — Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page. El análisis de documentos como HTML en Downloads en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto provocase que Chrome ejecutase scripts mediante una página local que no fuese HTML. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.117. Iss... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6111 – chromium-browser: Heap-use-after-free in DevTools
https://notcve.org/view.php?id=CVE-2018-6111
24 Apr 2018 — An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page. Un problema de ciclo de vida de objetos en el manejador de la red de herramientas de desarrollador en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante local ejecutase código arbitrario mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgr... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6112 – chromium-browser: Incorrect URL handling in DevTools
https://notcve.org/view.php?id=CVE-2018-6112
24 Apr 2018 — Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Hacer que las URL fuesen clicables y permitiendo su formateo en DevTools en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto omitiese las restricciones de navegación mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrad... • http://www.securityfocus.com/bid/103917 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6113 – chromium-browser: URL spoof in Navigation
https://notcve.org/view.php?id=CVE-2018-6113
24 Apr 2018 — Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML page. El manejo incorrecto de las entradas de navegación pendientes en Navigation en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto suplantase dominios mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to versio... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6114 – chromium-browser: CSP bypass
https://notcve.org/view.php?id=CVE-2018-6114
24 Apr 2018 — Incorrect enforcement of CSP for
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6115 – Gentoo Linux Security Advisory 201804-22
https://notcve.org/view.php?id=CVE-2018-6115
24 Apr 2018 — Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page. La configuración incorrecta de la marca SEE_MASK_FLAG_NO_UI en las descargas de archivos en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto omitiese las comprobaciones de malware del sistema operativo mediante una página HTML manipulada. Multiple vulnerabilities hav... • http://www.securityfocus.com/bid/103917 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 2%CPEs: 6EXPL: 0CVE-2018-6116 – chromium-browser: Incorrect low memory handling in WebAssembly
https://notcve.org/view.php?id=CVE-2018-6116
24 Apr 2018 — A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Una desreferencia nullptr en WebAssembly en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto pudiese realizar un acceso a la memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0... • http://www.securityfocus.com/bid/103917 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6117 – chromium-browser: Confusing autofill settings
https://notcve.org/view.php?id=CVE-2018-6117
24 Apr 2018 — Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Las opciones confusas en Autofill en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitían que un atacante remoto pudiese obtener información potencialmente sensible del la memoria del proceso mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades C... • http://www.securityfocus.com/bid/103917 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2018-6084 – Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-6084
21 Mar 2018 — Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file. Los objetos distribuidos poco saneados en Updater en Google Chrome, en versiones anteriores a la 66.0.3359.117 para macOS, permitían que un atacante local ejecutase código arbitrario mediante un archivo ejecutable. Google software updater suffers from a local privilege escalation vulnerability on MacOS due to unsafe use of Distrib... • https://packetstorm.news/files/id/146846 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6068 – Gentoo Linux Security Advisory 201803-05
https://notcve.org/view.php?id=CVE-2018-6068
14 Mar 2018 — Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Problemas de ciclo de vida de objetos en Chrome Custom Tab en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of... • http://www.securityfocus.com/bid/103297 • CWE-20: Improper Input Validation •