CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-6080 – chromium-browser: information disclosure in ipc call
https://notcve.org/view.php?id=CVE-2018-6080
12 Mar 2018 — Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes . La falta de comprobaciones de control de acceso en Instrumentation en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto que había comprometido el proceso renderer obtuviese metadatos de la memoria de procesos privilegiados. Multiple vulnerabilities have been foun... • https://packetstorm.news/files/id/146734 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6081 – chromium-browser: xss in interstitials
https://notcve.org/view.php?id=CVE-2018-6081
12 Mar 2018 — XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page. Vulnerabilidades Cross-Site Scripting (XSS) en Interstitials en Google Chrome en versiones anteriores a la 65.0.3325.146 permitían que un atacante que convenció a un usuario para que instalase una extensión maliciosa o abriese la consola de desarrollador para inyectar scrip... • http://www.securityfocus.com/bid/103297 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6082 – chromium-browser: circumvention of port blocking
https://notcve.org/view.php?id=CVE-2018-6082
12 Mar 2018 — Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page. La inclusión del puerto 22 en la lista de puertos FTP permitidos en Networking en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese enumerar los servicios internos del host mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromiu... • http://www.securityfocus.com/bid/103297 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6083 – chromium-browser: incorrect processing of appmanifests
https://notcve.org/view.php?id=CVE-2018-6083
12 Mar 2018 — Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. El error a la hora de deshabilitar la instalación PWA de páginas CSP en sandbox en AppManifest en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto accediese a API privilegiadas mediante una página HTML manipulada. Multiple vulnerabilities have been found in Chromium and Google ... • http://www.securityfocus.com/bid/103297 •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 0CVE-2018-6056 – chromium-browser: incorrect derived class instantiation in v8
https://notcve.org/view.php?id=CVE-2018-6056
19 Feb 2018 — Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una confusión de tipos podría conducir a una escritura fuera de límites en V8 en Google Chrome, en versiones anteriores a la 64.0.3282.168, lo que permite que un atacante remoto ejecute código arbitrario dentro de un sandbox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by We... • http://www.securityfocus.com/bid/103003 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6031 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2018-6031
01 Feb 2018 — Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Uso de memoria previamente liberada en PDFium en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.119. Security F... • http://www.securityfocus.com/bid/102797 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6032 – chromium-browser: same origin bypass in shared worker
https://notcve.org/view.php?id=CVE-2018-6032
01 Feb 2018 — Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. Aplicación de políticas insuficiente en Blink en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase los datos cross-origin del usuario mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.119. Sec... • http://www.securityfocus.com/bid/102797 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6033 – chromium-browser: race when opening downloaded files
https://notcve.org/view.php?id=CVE-2018-6033
01 Feb 2018 — Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. Validación de datos insuficiente en Downloads en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto ejecutase código arbitrario fuera del sandbox mediante una extensión de Chrome manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to v... • http://www.securityfocus.com/bid/102797 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6034 – chromium-browser: integer overflow in blink
https://notcve.org/view.php?id=CVE-2018-6034
01 Feb 2018 — Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Validación de datos insuficiente en WebGL en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.119. ... • http://www.securityfocus.com/bid/102797 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6035 – chromium-browser: insufficient isolation of devtools from extensions
https://notcve.org/view.php?id=CVE-2018-6035
01 Feb 2018 — Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. Una aplicación de políticas insuficiente en DevTools en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase datos de archivos locales de un usuario mediante una extensión de Chrome manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium t... • http://www.securityfocus.com/bid/102797 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •