CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5823 – chromium-browser: Forced navigation from service worker
https://notcve.org/view.php?id=CVE-2019-5823
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. La aplicación de políticas insuficientes en los trabajadores del servicio en Google Chrome antes del 74.0.3729.108 permitió a un atacante remoto eludir las restricciones de navegación a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/930154 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2019/dsa-4500 https://access.redhat.com/security/cve/CVE-2019-5823 https&# • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-5787 – chromium-browser: Use after free in Canvas
https://notcve.org/view.php?id=CVE-2019-5787
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El uso de memoria después del proceso Garbage-Collection en Blink en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto explotar potencialmente la corrupción de pila por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/913964 https://access.redhat.com/security/cve/CVE-2019-5787 https://bugzilla.redhat.com/show_bug.cgi?id=1688189 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-5790 – chromium-browser: Heap buffer overflow in V8
https://notcve.org/view.php?id=CVE-2019-5790
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Un desbordamiento de enteros que provoca una capacidad incorrecta de un búfer en JavaScript en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara código arbitrario dentro de un sandbox por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/914736 https://access.redhat.com/security/cve/CVE-2019-5790 https://bugzilla.redhat.com/show_bug.cgi?id=1688192 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-5791 – chromium-browser: Type confusion in V8
https://notcve.org/view.php?id=CVE-2019-5791
Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. La optimización inadecuada en V8 en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto ejecutar una lectura de memoria fuera de límites por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/926651 https://access.redhat.com/security/cve/CVE-2019-5791 https://bugzilla.redhat.com/show_bug.cgi?id=1688193 • CWE-125: Out-of-bounds Read CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-5792 – chromium-browser: Integer overflow in PDFium
https://notcve.org/view.php?id=CVE-2019-5792
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. El desbordamiento de enteros en PDFium en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara un acceso a la memoria fuera de límites por medio de un archivo PDF creado. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/914983 https://access.redhat.com/security/cve/CVE-2019-5792 https://bugzilla.redhat.com/show_bug.cgi?id=1688194 • CWE-190: Integer Overflow or Wraparound •