Page 319 of 2450 results (0.012 seconds)

CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0

CVE-2018-18340 – chromium-browser: Use after free in MediaRecorder

https://notcve.org/view.php?id=CVE-2018-18340

Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El ciclo de vida de un objecto incorrecto en MediaRecorder en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/896736 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18340 https://bugzilla.redhat.com/show_bug.cgi?id=1656554 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2018-18354 – chromium-browser: Insufficient data validation in Shell Integration

https://notcve.org/view.php?id=CVE-2018-18354

Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. La validación insuficiente de los protocolos externos en Shell Integration en Google Chrome en Windows en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto lanzase programas externos mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/889459 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18354 https://bugzilla.redhat.com/show_bug.cgi?id=1656568 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2018-18339 – chromium-browser: Use after free in WebAudio

https://notcve.org/view.php?id=CVE-2018-18339

Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El ciclo de vida de un objecto incorrecto en WebAudio en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/891187 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18339 https://bugzilla.redhat.com/show_bug.cgi?id=1656553 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0

CVE-2018-18353 – chromium-browser: Inappropriate implementation in Network Authentication

https://notcve.org/view.php?id=CVE-2018-18353

Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page. El error a la hora de descartar los diálogos http auth en la navegación en Network Authentication en Google Chrome en Android en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto confundiese al usuario sobre el origen de un diálogo auto mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/884179 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18353 https://bugzilla.redhat.com/show_bug.cgi?id=1656567 •

CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0

CVE-2018-18335 – chromium-browser: Heap buffer overflow in Skia

https://notcve.org/view.php?id=CVE-2018-18335

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de búfer basado en memoria dinámica (heap) en Skia en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/895362 https://security.gentoo.org/glsa/201904-07 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18335 https://bugzilla.redhat& • CWE-787: Out-of-bounds Write •