Page 296 of 3300 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-6177 – chromium-browser: Cross origin information leak in Blink

https://notcve.org/view.php?id=CVE-2018-6177

Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La fuga de información en el motor de medios en Google Chrome antes de 68.0.3440.75 permitió a un atacante remoto filtrar datos de origen cruzado a través de una página HTML diseñada • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html https://crbug.com/826187 https://access.redhat.com/security/cve/CVE-2018-6177 https://bugzilla.redhat.com/show_bug.cgi?id=1608201 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0

CVE-2019-5816

https://notcve.org/view.php?id=CVE-2019-5816

Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. El problema de la duración del proceso en Chrome en Google Chrome en Android antes de 74.0.3729.108 permitió que un atacante remoto pudiera persistir en un proceso explotado a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/940245 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://security.gentoo.org/glsa/201908-18 • CWE-664: Improper Control of a Resource Through its Lifetime •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2019-5817

https://notcve.org/view.php?id=CVE-2019-5817

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El desbordamiento del búfer del heap en ANGLE en Google Chrome en Windows antes de 74.0.3729.108 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/943709 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://security.gentoo.org/glsa/201908-18 • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-20073

https://notcve.org/view.php?id=CVE-2018-20073

Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem. El uso de atributos extendidos en descargas en Google Chrome antes del 72.0.3626.81 permitió a un atacante local leer las URL de descarga a través del sistema de archivos. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00057.html https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html https://crbug.com/733943 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2018-6128

https://notcve.org/view.php?id=CVE-2018-6128

Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. El análisis incorrecto de URL en WebKit en Google Chrome en iOS antes de 67.0.3396.62 permitió que un atacante remoto realizara una falsificación de dominio a través de una página HTML diseñada. • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/841105 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •