CVSS: 8.8EPSS: 53%CPEs: 5EXPL: 2CVE-2018-6064 – Xiaomi Mi6 V8 CollectValuesOrEntriesImpl Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-6064
12 Mar 2018 — Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Confusión de tipos en la implementación de __defineGetter__ en V8 en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. This vulnerability allows remote attackers to execute arbitrary c... • https://packetstorm.news/files/id/147025 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.8EPSS: 96%CPEs: 6EXPL: 4CVE-2018-6065 – Google Chromium V8 Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-6065
12 Mar 2018 — Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Desbordamiento de enteros en el cálculo del tamaño de asignación requerido al instanciar un nuevo objeto JavaScript en V8 en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) m... • https://packetstorm.news/files/id/147497 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6066 – chromium-browser: same origin bypass via canvas
https://notcve.org/view.php?id=CVE-2018-6066
12 Mar 2018 — Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La falta de comprobación de CORS de ResourceFetcher/ResourceLoader en Blink en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto filtrase datos de orígenes cruzados mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of whic... • https://github.com/DISREL/Ring0VBA • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6067 – chromium-browser: buffer overflow in skia
https://notcve.org/view.php?id=CVE-2018-6067
12 Mar 2018 — Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Serialización IPC incorrecta en Skia en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution ... • http://www.securityfocus.com/bid/103297 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6069 – chromium-browser: stack buffer overflow in skia
https://notcve.org/view.php?id=CVE-2018-6069
12 Mar 2018 — Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un desbordamiento de búfer basado en pila en Skia en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the exec... • http://www.securityfocus.com/bid/103297 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6070 – chromium-browser: csp bypass through extensions
https://notcve.org/view.php?id=CVE-2018-6070
12 Mar 2018 — Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. La falta de aplicación de la política de seguridad de contenido (CSP) en las páginas de WebUI en Bink en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante que hubiese convencido a un usuario para que instale una extensión maliciosa omita la CSP mediante... • http://www.securityfocus.com/bid/103297 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6071 – chromium-browser: heap bufffer overflow in skia
https://notcve.org/view.php?id=CVE-2018-6071
12 Mar 2018 — An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Desbordamiento de enteros en Skia en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execution of arbitrary... • http://www.securityfocus.com/bid/103297 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6072 – chromium-browser: integer overflow in pdfium
https://notcve.org/view.php?id=CVE-2018-6072
12 Mar 2018 — An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Un desbordamiento de enteros que conduce a un uso de memoria previamente liberada en PDFium en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. Multiple vulnerabilities have been found in Chro... • http://www.securityfocus.com/bid/103297 • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6073 – chromium-browser: heap bufffer overflow in webgl
https://notcve.org/view.php?id=CVE-2018-6073
12 Mar 2018 — A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Un desbordamiento de búfer basado en memoria dinámica (heap) en WebGL en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which... • http://www.securityfocus.com/bid/103297 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6074 – chromium-browser: mark-of-the-web bypass
https://notcve.org/view.php?id=CVE-2018-6074
12 Mar 2018 — Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. El error al aplicar Mark-of-the-Web en las descargas en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto omitiese los controles de nivel del sistema operativo mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the ... • http://www.securityfocus.com/bid/103297 • CWE-20: Improper Input Validation •