CVSS: 9.6EPSS: 0%CPEs: 6EXPL: 0CVE-2018-17472
https://notcve.org/view.php?id=CVE-2018-17472
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page. La colocación incorrecta de diálogos en WebContents en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto ocultase la advertencia total de pantalla mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/822518 https://security.gentoo.org/glsa/201811-10 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-17473 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-17473
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. El manejo incorrecto de caracteres confundibles en Omnibox en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante un nombre de dominio manipulado. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/882078 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17473 https://bugzilla.redhat.com/show_bug.cgi?id=1640110 •
CVSS: 8.8EPSS: 1%CPEs: 16EXPL: 0CVE-2018-17466 – firefox: Memory corruption in Angle
https://notcve.org/view.php?id=CVE-2018-17466
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. El manejo incorrecto de texturas en Angle en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 http://www.securityfocus.com/bid/106168 https://access.redhat.com/errata/RHSA-2018:3004 https://access.redhat.com/errata/RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0160 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/880906 https://lists.debian.org/debian-lts-announce/2018& • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-17475 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-17475
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. La gestión incorrecta del historial en iOS en la navegación en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/852634 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17475 https://bugzilla.redhat.com/show_bug.cgi?id=1640112 •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2018-17462 – chromium-browser: Sandbox escape in AppCache
https://notcve.org/view.php?id=CVE-2018-17462
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. Conteo de referencias incorrecto en AppCache en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto realizase un escape del sandbox mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/888926 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17462 https://bugzilla.redhat.com/show_bug.cgi?id=1640098 • CWE-416: Use After Free •