CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6032 – chromium-browser: same origin bypass in shared worker
https://notcve.org/view.php?id=CVE-2018-6032
01 Feb 2018 — Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. Aplicación de políticas insuficiente en Blink en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase los datos cross-origin del usuario mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.119. Sec... • http://www.securityfocus.com/bid/102797 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6033 – chromium-browser: race when opening downloaded files
https://notcve.org/view.php?id=CVE-2018-6033
01 Feb 2018 — Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. Validación de datos insuficiente en Downloads en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto ejecutase código arbitrario fuera del sandbox mediante una extensión de Chrome manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to v... • http://www.securityfocus.com/bid/102797 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6034 – chromium-browser: integer overflow in blink
https://notcve.org/view.php?id=CVE-2018-6034
01 Feb 2018 — Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Validación de datos insuficiente en WebGL en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.119. ... • http://www.securityfocus.com/bid/102797 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6035 – chromium-browser: insufficient isolation of devtools from extensions
https://notcve.org/view.php?id=CVE-2018-6035
01 Feb 2018 — Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. Una aplicación de políticas insuficiente en DevTools en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase datos de archivos locales de un usuario mediante una extensión de Chrome manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium t... • http://www.securityfocus.com/bid/102797 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6036 – chromium-browser: integer underflow in webassembly
https://notcve.org/view.php?id=CVE-2018-6036
01 Feb 2018 — Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page. Validación de datos insuficiente en V8 en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase datos de archivos locales de un usuario mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.119. Security Fix: Multiple f... • http://www.securityfocus.com/bid/102797 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6037 – chromium-browser: insufficient user gesture requirements in autofill
https://notcve.org/view.php?id=CVE-2018-6037
01 Feb 2018 — Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page. Implementación inapropiada en autofill en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto obtuviese datos de autofill con gestos insuficientes del usuario mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to... • http://www.securityfocus.com/bid/102797 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 2%CPEs: 6EXPL: 0CVE-2018-6038 – chromium-browser: heap buffer overflow in webgl
https://notcve.org/view.php?id=CVE-2018-6038
01 Feb 2018 — Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un desbordamiento de búfer basado en memoria dinámica (heap) en WebGL en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to ver... • http://www.securityfocus.com/bid/102797 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6039 – chromium-browser: xss in devtools
https://notcve.org/view.php?id=CVE-2018-6039
01 Feb 2018 — Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. Validación de datos insuficiente en DevTools en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase datos cross-origin de un usuario mediante una extensión de Chrome manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3... • http://www.securityfocus.com/bid/102797 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6040 – chromium-browser: content security policy bypass
https://notcve.org/view.php?id=CVE-2018-6040
01 Feb 2018 — Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page. Aplicación de políticas insuficiente en Blink en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto omitiese las políticas de seguridad del contenido mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282... • http://www.securityfocus.com/bid/102797 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6041 – chromium-browser: url spoof in navigation
https://notcve.org/view.php?id=CVE-2018-6041
01 Feb 2018 — Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Interfaz de usuario de seguridad incorrecta en la navegación en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium t... • http://www.securityfocus.com/bid/102797 • CWE-20: Improper Input Validation •