CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6081 – chromium-browser: xss in interstitials
https://notcve.org/view.php?id=CVE-2018-6081
12 Mar 2018 — XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page. Vulnerabilidades Cross-Site Scripting (XSS) en Interstitials en Google Chrome en versiones anteriores a la 65.0.3325.146 permitían que un atacante que convenció a un usuario para que instalase una extensión maliciosa o abriese la consola de desarrollador para inyectar scrip... • http://www.securityfocus.com/bid/103297 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6076 – chromium-browser: incorrect handling of url fragment identifiers in blink
https://notcve.org/view.php?id=CVE-2018-6076
12 Mar 2018 — Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page. El cifrado insuficiente de identificadores de fragmentos de URL en Blink en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto realizase un ataque Cross-Site Scripting (XSS) basado en DOM mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google C... • http://www.securityfocus.com/bid/103297 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6079 – chromium-browser: information disclosure via texture data in webgl
https://notcve.org/view.php?id=CVE-2018-6079
12 Mar 2018 — Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La compartición inapropiada de datos TEXTURE_2D_ARRAY/TEXTURE_3D entre pestañas en WebGL en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto filtrase datos de orígenes cruzados mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Goog... • http://www.securityfocus.com/bid/103297 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6060 – chromium-browser: use-after-free in blink
https://notcve.org/view.php?id=CVE-2018-6060
12 Mar 2018 — Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en WebAudio en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the execu... • http://www.securityfocus.com/bid/103297 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6078 – chromium-browser: url spoof in omnibox
https://notcve.org/view.php?id=CVE-2018-6078
12 Mar 2018 — Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. El manejo incorrecto de caracteres confundibles en Omnibox en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante un nombre de dominio manipulado. Multiple vulnerabilities have been found in Chromium and Google Ch... • http://www.securityfocus.com/bid/103297 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6072 – chromium-browser: integer overflow in pdfium
https://notcve.org/view.php?id=CVE-2018-6072
12 Mar 2018 — An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Un desbordamiento de enteros que conduce a un uso de memoria previamente liberada en PDFium en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. Multiple vulnerabilities have been found in Chro... • http://www.securityfocus.com/bid/103297 • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 1CVE-2018-6063 – chromium-browser: incorrect permissions on shared memory
https://notcve.org/view.php?id=CVE-2018-6063
12 Mar 2018 — Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. El uso incorrecto de mojo::WrapSharedMemoryHandle en Mojo en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto que hubiese comprometido el proceso renderer pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipu... • https://packetstorm.news/files/id/146735 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6075 – chromium-browser: overly permissive cross origin downloads
https://notcve.org/view.php?id=CVE-2018-6075
12 Mar 2018 — Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction. El manejo incorrecto de nombres de archivo especificados en las descargas de archivo en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto filtrase datos de orígenes cruzados mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google ... • http://www.securityfocus.com/bid/103297 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6061 – chromium-browser: race condition in v8
https://notcve.org/view.php?id=CVE-2018-6061
12 Mar 2018 — A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una carrera en el manejo de SharedArrayBuffers en WebAssembly en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, ... • http://www.securityfocus.com/bid/103297 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 53%CPEs: 5EXPL: 2CVE-2018-6064 – Xiaomi Mi6 V8 CollectValuesOrEntriesImpl Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-6064
12 Mar 2018 — Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Confusión de tipos en la implementación de __defineGetter__ en V8 en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. This vulnerability allows remote attackers to execute arbitrary c... • https://packetstorm.news/files/id/147025 • CWE-704: Incorrect Type Conversion or Cast •