
CVSS: 7.5 | EPSS: 33% | CPEs: 5 | EXPL: 1

Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently in Chrome.

References:
https://www.exploit-db.com/exploits/46566
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
https://crbug.com/918861
https://access.redhat.com/security/cve/CVE-2019-5796
https://bugzilla.redhat.com/show_bug.cgi?id=1688198

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-787: Out-of-bounds Write

CVSS: 8.8 | EPSS: 97% | CPEs: 1 | EXPL: 4

Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page.

References:
https://www.exploit-db.com/exploits/46812
https://github.com/exodusintel/CVE-2019-5786
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html
https://crbug.com/936448
https://access.redhat.com/security/cve/CVE-2019-5786
https://bugzilla.redhat.com/show_bug.cgi?id=1685162
https://blog.exodusintel.com/2019/03/20/cve-2019-5786-analysis-and-exploitation
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analysis-of-a-chrome-zero-day-cve-2019-5786
htt

CWE-416: Use After Free

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References:
https://github.com/agenericapple/CVE-2019-5784-PoC
https://chromereleases.googleblog.com/2019/02/stable-channel-update-for-desktop.html
https://crbug.com/915975
https://access.redhat.com/security/cve/CVE-2019-5784
https://bugzilla.redhat.com/show_bug.cgi?id=1676527

CWE-787: Out-of-bounds Write

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page.

References:
https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
https://crbug.com/895081
https://www.debian.org/security/2019/dsa-4395

CWE-20: Improper Input Validation

CVSS: 8.8 | EPSS: 3% | CPEs: 7 | EXPL: 0

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

References:
http://www.securityfocus.com/bid/106767
https://access.redhat.com/errata/RHSA-2019:0309
https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
https://crbug.com/906043
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6
https://www.debian.org/security/2019/dsa-4395
https://access.redhat.com&#

CWE-125: Out-of-bounds Read
CWE-787: Out-of-bounds Write