CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6052 – chromium-browser: incomplete no-referrer policy implementation
https://notcve.org/view.php?id=CVE-2018-6052
01 Feb 2018 — Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. La falta de soporte para un valor de política no-referrer no estándar, no-referrer en Blink en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto obtuviese detalles de referrer de una página web que pensaba que había rechazado el envío ... • http://www.securityfocus.com/bid/102797 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6053 – chromium-browser: leak of page thumbnails in new tab page
https://notcve.org/view.php?id=CVE-2018-6053
01 Feb 2018 — Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page. Implementación inapropiada en New Tab Page en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante local viese las imágenes en miniatura de un sitio web tras limpiar los datos del navegador mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. T... • http://www.securityfocus.com/bid/102797 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6054 – chromium-browser: use after free in webui
https://notcve.org/view.php?id=CVE-2018-6054
01 Feb 2018 — Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Uso de memoria previamente liberada en WebUI en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una extensión de Chrome manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.... • http://www.securityfocus.com/bid/102797 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6055 – chromium-browser: Insufficient policy enforcement in Catalog Service
https://notcve.org/view.php?id=CVE-2018-6055
31 Jan 2018 — Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page. Aplicación de políticas insuficiente en Catalog Service en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto ejecutase código arbitrario fuera del sandbox mediante una página HTML manipulada. Chromium suffers from a sandbox escape vulnerability via an exposed filesystem::mojom::Di... • https://packetstorm.news/files/id/146188 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1290
https://notcve.org/view.php?id=CVE-2015-1290
09 Jan 2018 — The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. El motor Google V8, tal y como se utiliza en Google Chrome en versiones anteriores a la 44.0.2403.89 y QtWebEngineCore en Qt en versiones anteriores a la 5.5.1, permiten que atacantes remotos provoquen una denegación de servicio (corrupción de memoria) o ejecuten código arbitrario ... • http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2017-1000460
https://notcve.org/view.php?id=CVE-2017-1000460
03 Jan 2018 — In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. En la línea libavcodec/h264dec.c:500 en libav (v13_dev0), ffmpeg (n3.4) y chromium (56 anterior al 13 de febrero de 2017), el valor de retorno de init_get_bits se ignora y se llama a get_ue_golomb (gb) en un contexto get_bits no inicializado. Esto desemboca e... • https://bugzilla.libav.org/show_bug.cgi?id=952 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-15429 – chromium-browser: uxss in v8
https://notcve.org/view.php?id=CVE-2017-15429
18 Dec 2017 — Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Implementación inadecuada en los enlaces V8 WebAssembly JS en Google Chrome en versiones anteriores a la 63.0.3239.108 permitía que un atacante remoto inyectase scripts o HTML arbitrarios (UXSS) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromiu... • http://www.securityfocus.com/bid/102196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 2%CPEs: 5EXPL: 0CVE-2017-15407 – chromium-browser: out of bounds write in quic
https://notcve.org/view.php?id=CVE-2017-15407
07 Dec 2017 — Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server. Una escritura fuera de límites en la pila de networking QUIC en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese ejecutar código mediante un servidor malicioso. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 63.0.3239.84. Security Fix: Multiple flaws ... • https://access.redhat.com/errata/RHSA-2017:3401 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2017-15408 – chromium-browser: heap buffer overflow in pdfium
https://notcve.org/view.php?id=CVE-2017-15408
07 Dec 2017 — Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. Un desbordamiento de búfer basado en memoria dinámica (heap) en Omnibox en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese explotar una corrupción de heap mediante un archivo PDF manipulado que es gestionado erróneamente por PDFium. Chromium is an open-source web browser, po... • https://access.redhat.com/errata/RHSA-2017:3401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2017-15409 – chromium-browser: out of bounds write in skia
https://notcve.org/view.php?id=CVE-2017-15409
07 Dec 2017 — Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Desbordamiento de búfer basado en memoria dinámica (heap) en Skia en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 6... • https://access.redhat.com/errata/RHSA-2017:3401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •