CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-30540
https://notcve.org/view.php?id=CVE-2021-30540
Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Una interfaz de seguridad incorrecta en payments de Google Chrome en Android anterior a versión 91.0.4472.77, permitía a un atacante remoto llevar a cabo una suplantación de dominio por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html https://crbug.com/1184147 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54 https://security.gentoo.org/glsa/202107-06 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-30539
https://notcve.org/view.php?id=CVE-2021-30539
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. Una aplicación insuficiente de la política en content security policy en Google Chrome anterior a versión 91.0.4472.77, permitía a un atacante remoto omitir la política de seguridad de contenidos por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html https://crbug.com/971231 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54 https://security.gentoo.org/glsa/202107-06 • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2021-30538
https://notcve.org/view.php?id=CVE-2021-30538
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. Una aplicación insuficiente de la política en content security policy en Google Chrome anterior a versión 91.0.4472.77, permitía a un atacante remoto omitir la política de seguridad de contenidos por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html https://crbug.com/1115045 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54 https://security.gentoo.org/glsa/202107-06 • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2021-30537
https://notcve.org/view.php?id=CVE-2021-30537
Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page. Una aplicación insuficiente de la política en cookies en Google Chrome anterior a versión 91.0.4472.77, permitía a un atacante remoto omitir la política de cookies por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html https://crbug.com/830101 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54 https://security.gentoo.org/glsa/202107-06 • CWE-863: Incorrect Authorization •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1CVE-2021-30536
https://notcve.org/view.php?id=CVE-2021-30536
Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. Una lectura fuera de límites en V8 en Google Chrome anterior a versión 91.0.4472.77, permitía a un atacante remoto explotar potencialmente corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html https://crbug.com/1194358 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54 https://security.gentoo.org/glsa/202107-06 • CWE-125: Out-of-bounds Read •