CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-17481 – chromium-browser: Use after frees in PDFium
https://notcve.org/view.php?id=CVE-2018-17481
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. El manejo incorrecto del ciclo de vida de objetos en PDFium en Google Chrome, en versiones anteriores a la 71.0.3578.98, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html https://crbug.com/901654 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://www.debian.org/security/2019/dsa-4395 https://access.redhat.com/security/cve/CVE-2018-17481 https:&#x • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-18346 – chromium-browser: Incorrect security UI in Blink
https://notcve.org/view.php?id=CVE-2018-18346
Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page. El manejo incorrecto de cuadros de alertas emergentes en Blink en Google Chrome en versiones anteriores a la 71.0.3578.80, permitía a un atacante remoto presentar interfaces de usuario de navegador confusas mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/606104 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18346 https://bugzilla.redhat.com/show_bug.cgi?id=1656560 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6115
https://notcve.org/view.php?id=CVE-2018-6115
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page. La configuración incorrecta de la marca SEE_MASK_FLAG_NO_UI en las descargas de archivos en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto omitiese las comprobaciones de malware del sistema operativo mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103917 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/819809 https://security.gentoo.org/glsa/201804-22 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 2%CPEs: 6EXPL: 0CVE-2018-6116 – chromium-browser: Incorrect low memory handling in WebAssembly
https://notcve.org/view.php?id=CVE-2018-6116
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Una desreferencia nullptr en WebAssembly en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto pudiese realizar un acceso a la memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103917 https://access.redhat.com/errata/RHSA-2018:1195 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/822266 https://security.gentoo.org/glsa/201804-22 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6116 https://bugzilla.redhat.com/show_bug.cgi?id=1568796 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17479 – chromium-browser: Use-after-free in GPU
https://notcve.org/view.php?id=CVE-2018-17479
Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Los cálculos incorrectos de la vida útil del objeto en el código de GPU en Google Chrome antes del 70.0.3538.110 permitieron a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada. • https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-chrome-os.html https://crbug.com/905336 https://access.redhat.com/security/cve/CVE-2018-17479 https://bugzilla.redhat.com/show_bug.cgi?id=1651487 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •