Page 200 of 3188 results (0.012 seconds)

CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en V8 en Google Chrome versiones anteriores a 88.0.4324.150, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada The fix for CVE-2021-21148 has added a check in |ValueSerializer::WriteJSArrayBuffer| to make sure non-detachable array buffers cannot be transferred. The check can be bypassed with the help of asm.js and property getters. Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://github.com/Grayhaxor/CVE-2021-21148 http://packetstormsecurity.com/files/162579/Chrome-Array-Transfer-Bypass.html https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html https://crbug.com/1170176 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ACWYJ74Z3YN2XH4QMUEGNBC3VXX464L https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUQSMNV7INLDDSD3RKI5S5EAULX2QC7P https://security.gentoo.org/glsa/202104-08 htt • CWE-787: Out-of-bounds Write •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. La implementación inapropiada en Skia en Google Chrome versiones anteriores a 88.0.4324.146, permitía a un atacante local falsificar el contenido del Omnibox (barra de URL) por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html https://crbug.com/1162942 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ACWYJ74Z3YN2XH4QMUEGNBC3VXX464L https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUQSMNV7INLDDSD3RKI5S5EAULX2QC7P https://security.gentoo.org/glsa/202104-08 •

CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0

Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en Navigation en Google Chrome versiones anteriores a 88.0.4324.146, permitía a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html https://crbug.com/1161705 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ACWYJ74Z3YN2XH4QMUEGNBC3VXX464L https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUQSMNV7INLDDSD3RKI5S5EAULX2QC7P https://security.gentoo.org/glsa/202104-08 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en Fonts en Google Chrome versiones anteriores a 88.0.4324.146, permitía a un atacante remoto explotar una corrupción de la memoria por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html https://crbug.com/1154965 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ACWYJ74Z3YN2XH4QMUEGNBC3VXX464L https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUQSMNV7INLDDSD3RKI5S5EAULX2QC7P https://security.gentoo.org/glsa/202104-08 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Un desbordamiento del búfer de la pila en Tab Groups en Google Chrome versiones anteriores a 88.0.4324.146, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa para explotar potencialmente una corrupción de la pila por medio de una Extensión de Chrome diseñada • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html https://crbug.com/1163845 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ACWYJ74Z3YN2XH4QMUEGNBC3VXX464L https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUQSMNV7INLDDSD3RKI5S5EAULX2QC7P https://security.gentoo.org/glsa/202104-08 • CWE-787: Out-of-bounds Write •