CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6072 – chromium-browser: integer overflow in pdfium
https://notcve.org/view.php?id=CVE-2018-6072
12 Mar 2018 — An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Un desbordamiento de enteros que conduce a un uso de memoria previamente liberada en PDFium en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. Multiple vulnerabilities have been found in Chro... • http://www.securityfocus.com/bid/103297 • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 1CVE-2018-6063 – chromium-browser: incorrect permissions on shared memory
https://notcve.org/view.php?id=CVE-2018-6063
12 Mar 2018 — Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. El uso incorrecto de mojo::WrapSharedMemoryHandle en Mojo en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto que hubiese comprometido el proceso renderer pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipu... • https://packetstorm.news/files/id/146735 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6075 – chromium-browser: overly permissive cross origin downloads
https://notcve.org/view.php?id=CVE-2018-6075
12 Mar 2018 — Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction. El manejo incorrecto de nombres de archivo especificados en las descargas de archivo en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto filtrase datos de orígenes cruzados mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google ... • http://www.securityfocus.com/bid/103297 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6061 – chromium-browser: race condition in v8
https://notcve.org/view.php?id=CVE-2018-6061
12 Mar 2018 — A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una carrera en el manejo de SharedArrayBuffers en WebAssembly en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, ... • http://www.securityfocus.com/bid/103297 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 53%CPEs: 5EXPL: 2CVE-2018-6064 – Xiaomi Mi6 V8 CollectValuesOrEntriesImpl Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-6064
12 Mar 2018 — Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Confusión de tipos en la implementación de __defineGetter__ en V8 en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. This vulnerability allows remote attackers to execute arbitrary c... • https://packetstorm.news/files/id/147025 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.8EPSS: 96%CPEs: 6EXPL: 4CVE-2018-6065 – Google Chromium V8 Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-6065
12 Mar 2018 — Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Desbordamiento de enteros en el cálculo del tamaño de asignación requerido al instanciar un nuevo objeto JavaScript en V8 en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) m... • https://packetstorm.news/files/id/147497 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6069 – chromium-browser: stack buffer overflow in skia
https://notcve.org/view.php?id=CVE-2018-6069
12 Mar 2018 — Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un desbordamiento de búfer basado en pila en Skia en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the exec... • http://www.securityfocus.com/bid/103297 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6074 – chromium-browser: mark-of-the-web bypass
https://notcve.org/view.php?id=CVE-2018-6074
12 Mar 2018 — Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. El error al aplicar Mark-of-the-Web en las descargas en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto omitiese los controles de nivel del sistema operativo mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the ... • http://www.securityfocus.com/bid/103297 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6066 – chromium-browser: same origin bypass via canvas
https://notcve.org/view.php?id=CVE-2018-6066
12 Mar 2018 — Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La falta de comprobación de CORS de ResourceFetcher/ResourceLoader en Blink en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto filtrase datos de orígenes cruzados mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of whic... • https://github.com/DISREL/Ring0VBA • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6080 – chromium-browser: information disclosure in ipc call
https://notcve.org/view.php?id=CVE-2018-6080
12 Mar 2018 — Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes . La falta de comprobaciones de control de acceso en Instrumentation en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto que había comprometido el proceso renderer obtuviese metadatos de la memoria de procesos privilegiados. Multiple vulnerabilities have been foun... • https://packetstorm.news/files/id/146734 • CWE-269: Improper Privilege Management •