CVE-2019-5837 – chromium-browser: Cross-origin resources size disclosure in Appcache
https://notcve.org/view.php?id=CVE-2019-5837
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La filtración de información sobre el tamaño de los recursos en Blink en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto filtrara datos de origen cruzado a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/918293 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4 •
CVE-2019-5830 – chromium-browser: Incorrectly credentialed requests in CORS
https://notcve.org/view.php?id=CVE-2019-5830
Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La aplicación de políticas insuficientes en CORS en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto filtrara datos de origen cruzado a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/665766 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: •
CVE-2019-5840 – chromium-browser: Popup blocker bypass
https://notcve.org/view.php?id=CVE-2019-5840
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. La IU de seguridad incorrecta en el bloqueador de ventanas emergentes en Google Chrome en iOS antes de 75.0.3770.80 permitió que un atacante remoto omitiera las restricciones de navegación a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/951782 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2019-5828 – chromium-browser: Use after free in ServiceWorker
https://notcve.org/view.php?id=CVE-2019-5828
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. El problema del ciclo de vida del objeto en ServiceWorker en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto pudiera realizar un acceso a la memoria fuera de límites a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/956597 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: • CWE-416: Use After Free •
CVE-2019-5832 – chromium-browser: Incorrect CORS handling in XHR
https://notcve.org/view.php?id=CVE-2019-5832
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La aplicación de políticas insuficientes en XMLHttpRequest en Google Chrome antes de 75.0.3770.80 permitió a un atacante remoto filtrar datos de origen cruzado a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/959390 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4 •