Page 252 of 3354 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1

Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada en developer tools en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto que había convencido al usuario de utilizar devtools (herramientas de desarrollo) para explotar potencialmente una corrupción de la pila (heap) por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/991217 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedora • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. Una aplicación insuficiente de la política en trusted types en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto omitir una política de seguridad de contenido por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/933172 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedora • CWE-276: Incorrect Default Permissions •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. Una aplicación insuficiente de la política en trusted types en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto omitir una política de seguridad de contenido por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/933171 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedora • CWE-276: Incorrect Default Permissions •

CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 1

Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso no inicializado en WebRTC en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto explotar potencialmente una corrupción de la pila (heap) por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/922882 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedora • CWE-908: Use of Uninitialized Resource •

CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0

Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page. Una comprobación insuficiente de datos en developer tools en Google Chrome versiones anteriores a 81.0.4044.92, permitió a un atacante remoto que había convencido al usuario de utilizar devtools ejecutar código arbitrario por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html https://crbug.com/1040080 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD https://lists.fedor • CWE-345: Insufficient Verification of Data Authenticity •