CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18347 – chromium-browser: Inappropriate implementation in Navigation
https://notcve.org/view.php?id=CVE-2018-18347
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page. El manejo incorrecto de sesiones de navegación fallidas con URL inválidas en Navigation en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía a un atacante remoto engañar a un usuario para que ejecutase código JavaScript en un origen arbitrario mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/850824 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18347 https://bugzilla.redhat.com/show_bug.cgi?id=1656561 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18354 – chromium-browser: Insufficient data validation in Shell Integration
https://notcve.org/view.php?id=CVE-2018-18354
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. La validación insuficiente de los protocolos externos en Shell Integration en Google Chrome en Windows en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto lanzase programas externos mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/889459 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18354 https://bugzilla.redhat.com/show_bug.cgi?id=1656568 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-17481 – chromium-browser: Use after frees in PDFium
https://notcve.org/view.php?id=CVE-2018-17481
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. El manejo incorrecto del ciclo de vida de objetos en PDFium en Google Chrome, en versiones anteriores a la 71.0.3578.98, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html https://crbug.com/901654 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://www.debian.org/security/2019/dsa-4395 https://access.redhat.com/security/cve/CVE-2018-17481 https:&#x • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-18346 – chromium-browser: Incorrect security UI in Blink
https://notcve.org/view.php?id=CVE-2018-18346
Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page. El manejo incorrecto de cuadros de alertas emergentes en Blink en Google Chrome en versiones anteriores a la 71.0.3578.80, permitía a un atacante remoto presentar interfaces de usuario de navegador confusas mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/606104 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18346 https://bugzilla.redhat.com/show_bug.cgi?id=1656560 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6115
https://notcve.org/view.php?id=CVE-2018-6115
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page. La configuración incorrecta de la marca SEE_MASK_FLAG_NO_UI en las descargas de archivos en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto omitiese las comprobaciones de malware del sistema operativo mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103917 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/819809 https://security.gentoo.org/glsa/201804-22 • CWE-20: Improper Input Validation •