CVE-2019-5842 – chromium-browser: Use-after-free in Blink
https://notcve.org/view.php?id=CVE-2019-5842
Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en Blink en Google Chrome versiones anteriores a 75.0.3770.90, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. • https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop_13.html https://crbug.com/961413 https://access.redhat.com/security/cve/CVE-2019-5842 https://bugzilla.redhat.com/show_bug.cgi?id=1720544 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVE-2019-5835 – chromium-browser: Out of bounds read in Swiftshader
https://notcve.org/view.php?id=CVE-2019-5835
Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. El problema del ciclo de vida de los objetos en SwiftShader en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto pudiera realizar un acceso a la memoria fuera de los límites a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/939239 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://security.gentoo.org/glsa/201908-18 https://access.redhat.com/security/cve/CVE-2019- • CWE-125: Out-of-bounds Read •
CVE-2019-5837 – chromium-browser: Cross-origin resources size disclosure in Appcache
https://notcve.org/view.php?id=CVE-2019-5837
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La filtración de información sobre el tamaño de los recursos en Blink en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto filtrara datos de origen cruzado a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/918293 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4 •
CVE-2019-5830 – chromium-browser: Incorrectly credentialed requests in CORS
https://notcve.org/view.php?id=CVE-2019-5830
Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La aplicación de políticas insuficientes en CORS en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto filtrara datos de origen cruzado a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/665766 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: •
CVE-2019-5840 – chromium-browser: Popup blocker bypass
https://notcve.org/view.php?id=CVE-2019-5840
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. La IU de seguridad incorrecta en el bloqueador de ventanas emergentes en Google Chrome en iOS antes de 75.0.3770.80 permitió que un atacante remoto omitiera las restricciones de navegación a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/951782 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •