CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6061 – chromium-browser: race condition in v8
https://notcve.org/view.php?id=CVE-2018-6061
12 Mar 2018 — A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una carrera en el manejo de SharedArrayBuffers en WebAssembly en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, ... • http://www.securityfocus.com/bid/103297 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 53%CPEs: 5EXPL: 2CVE-2018-6064 – Xiaomi Mi6 V8 CollectValuesOrEntriesImpl Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-6064
12 Mar 2018 — Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Confusión de tipos en la implementación de __defineGetter__ en V8 en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. This vulnerability allows remote attackers to execute arbitrary c... • https://packetstorm.news/files/id/147025 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.8EPSS: 96%CPEs: 6EXPL: 4CVE-2018-6065 – Google Chromium V8 Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-6065
12 Mar 2018 — Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Desbordamiento de enteros en el cálculo del tamaño de asignación requerido al instanciar un nuevo objeto JavaScript en V8 en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) m... • https://packetstorm.news/files/id/147497 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6069 – chromium-browser: stack buffer overflow in skia
https://notcve.org/view.php?id=CVE-2018-6069
12 Mar 2018 — Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un desbordamiento de búfer basado en pila en Skia en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the exec... • http://www.securityfocus.com/bid/103297 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6074 – chromium-browser: mark-of-the-web bypass
https://notcve.org/view.php?id=CVE-2018-6074
12 Mar 2018 — Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. El error al aplicar Mark-of-the-Web en las descargas en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto omitiese los controles de nivel del sistema operativo mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the ... • http://www.securityfocus.com/bid/103297 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6066 – chromium-browser: same origin bypass via canvas
https://notcve.org/view.php?id=CVE-2018-6066
12 Mar 2018 — Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La falta de comprobación de CORS de ResourceFetcher/ResourceLoader en Blink en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto filtrase datos de orígenes cruzados mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of whic... • https://github.com/DISREL/Ring0VBA • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6080 – chromium-browser: information disclosure in ipc call
https://notcve.org/view.php?id=CVE-2018-6080
12 Mar 2018 — Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes . La falta de comprobaciones de control de acceso en Instrumentation en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto que había comprometido el proceso renderer obtuviese metadatos de la memoria de procesos privilegiados. Multiple vulnerabilities have been foun... • https://packetstorm.news/files/id/146734 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 1CVE-2018-6057 – chromium-browser: incorrect permissions on shared memory
https://notcve.org/view.php?id=CVE-2018-6057
12 Mar 2018 — Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page. La falta de una convención especial de Android ashmem en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto que había comprometido el proceso renderer omitiese las garantías de solo lectura del proceso intermedio mediante una página HTML manipulada. Multip... • https://packetstorm.news/files/id/146733 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6077 – chromium-browser: timing attack using svg filters
https://notcve.org/view.php?id=CVE-2018-6077
12 Mar 2018 — Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Los filtros de mapa de desplazamiento que se aplican a las imágenes de origen cruzado en el renderizado Blink SVG en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto filtrase datos de orígenes cruzados mediante una página HTML manipulada. Multiple vulnerabilities have b... • http://www.securityfocus.com/bid/103297 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6082 – chromium-browser: circumvention of port blocking
https://notcve.org/view.php?id=CVE-2018-6082
12 Mar 2018 — Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. La inclusión del puerto 22 en la lista de puertos FTP permitidos en Networking en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese enumerar los servicios internos del host mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromiu... • http://www.securityfocus.com/bid/103297 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •