CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5767 – chromium-browser: Incorrect security UI in WebAPKs
https://notcve.org/view.php?id=CVE-2019-5767
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. La protección de permisos de la interfaz de usuario insuficiente en WebAPKs en Google Chrome en Android, en versiones anteriores a la 72.0.3626.81, permitía a un atacante que convenció al usuario para que instalase una aplicación maliciosa acceder a API web sensibles de privacidad/seguridad mediante un APK manipulado. • http://www.securityfocus.com/bid/106767 https://access.redhat.com/errata/RHSA-2019:0309 https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html https://crbug.com/902427 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6 https://www.debian.org/security/2019/dsa-4395 https://access.redhat.com&# • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5776 – chromium-browser: Insufficient policy enforcement in Omnibox
https://notcve.org/view.php?id=CVE-2019-5776
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. La gestión incorrecta de un carácter fácil de confundir en Omnibox en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía que un atacante remoto suplante el contenido del Omnibox (barra de URL) mediante un nombre de dominio manipulado. • http://www.securityfocus.com/bid/106767 https://access.redhat.com/errata/RHSA-2019:0309 https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html https://crbug.com/863663 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6 https://www.debian.org/security/2019/dsa-4395 https://access.redhat.com&# •
CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5754 – chromium-browser: Inappropriate implementation in QUIC Networking
https://notcve.org/view.php?id=CVE-2019-5754
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy. Un error de implementación en QUIC Networking en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante, que ejecutaba o era capaz de usar un servidor proxy, obtener el texto claro de un cifrado de transporte mediante un proxy de red malicioso. • http://www.securityfocus.com/bid/106767 https://access.redhat.com/errata/RHSA-2019:0309 https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html https://crbug.com/914497 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6 https://www.debian.org/security/2019/dsa-4395 https://access.redhat.com&# • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 3%CPEs: 7EXPL: 0CVE-2019-5769 – chromium-browser: Insufficient validation of untrusted input in Blink
https://notcve.org/view.php?id=CVE-2019-5769
Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La gestión incorrecta de la posición de caracteres finales inválida cuando la renderización frontal en Blink en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto explotar una corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. • https://access.redhat.com/errata/RHSA-2019:0309 https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html https://crbug.com/913975 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6 https://www.debian.org/security/2019/dsa-4395 https://access.redhat.com/security/cve/CVE-2019-5769 https://b • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-5755 – chromium-browser: Inappropriate implementation in V8
https://notcve.org/view.php?id=CVE-2019-5755
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. El manejo incorrecto de un "negative zero" en V8 en Google Chrome en versiones anteriores a la 72.0.3626.81, permitía a un atacante remoto realizar lecturas/escrituras arbitrarias mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106767 https://access.redhat.com/errata/RHSA-2019:0309 https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html https://crbug.com/913296 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6 https://www.debian.org/security/2019/dsa-4395 https://access.redhat.com&# • CWE-189: Numeric Errors •