CVSS: 8.8EPSS: 4%CPEs: 8EXPL: 0CVE-2019-5828 – chromium-browser: Use after free in ServiceWorker
https://notcve.org/view.php?id=CVE-2019-5828
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. El problema del ciclo de vida del objeto en ServiceWorker en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto pudiera realizar un acceso a la memoria fuera de límites a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/956597 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5836 – chromium-browser: Heap buffer overflow in Angle
https://notcve.org/view.php?id=CVE-2019-5836
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El desbordamiento del búfer del montón en ANGLE en Google Chrome antes de 75.0.3770.80 permitió a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/947342 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5838 – chromium-browser: Overly permissive tab access in Extensions
https://notcve.org/view.php?id=CVE-2019-5838
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension. La aplicación de políticas insuficientes en la API de extensiones en Google Chrome antes de 75.0.3770.80 permitió a un atacante que convenció a un usuario de instalar una extensión maliciosa para evitar las restricciones en los URI de archivos a través de una extensión de Chrome diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/893087 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-5833 – chromium-browser: Inconsistent security UI placement
https://notcve.org/view.php?id=CVE-2019-5833
Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page. El alcance del cuadro de diálogo incorrecto en el navegador en Google Chrome en Android antes de 75.0.3770.80 permitió a un atacante remoto mostrar una IU de seguridad engañosa a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/945067 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5839 – chromium-browser: Incorrect handling of certain code points in Blink
https://notcve.org/view.php?id=CVE-2019-5839
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. La validación excesiva de datos en el analizador de URL en Google Chrome anterior a la versión 75.0.3770.80 permitió que un atacante remoto convenciera a un usuario de introducir una URL para omitir la validación de URL del sitio web a través de una URL diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/925614 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4 • CWE-20: Improper Input Validation •