CVSS: 8.8EPSS: 97%CPEs: 5EXPL: 6CVE-2018-17463 – Google Chromium V8 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17463
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Anotación de efecto secundario en V8 en Google Chrome en versiones anteriores a la 70.0.3538.64 permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://www.exploit-db.com/exploits/48184 https://github.com/jhalon/CVE-2018-17463 https://github.com/kdmarti2/CVE-2018-17463 http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/888923 https://security.gentoo.org/glsa/201811-10 https://www.d •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-17459 – chromium-browser: URL Spoofing in Omnibox
https://notcve.org/view.php?id=CVE-2018-17459
Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. La gestión incorrecta de los clics en Omnibox (barra de direcciones) en Navigation en Google Chrome, en versiones anteriores a la 69.0.3497.92, permitía que un atacante remoto suplantase el contenido de Omnibox mediante una página HTML manipulada. • https://access.redhat.com/errata/RHSA-2018:2818 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html https://crbug.com/880759 https://access.redhat.com/security/cve/CVE-2018-17459 https://bugzilla.redhat.com/show_bug.cgi?id=1628080 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-17458 – chromium-browser: Function signature mismatch in WebAssembly
https://notcve.org/view.php?id=CVE-2018-17458
An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una actualización incorrecta de la tabla "dispatch" de WebAssembly en WebAssembly en Google Chrome, en versiones anteriores a la 69.0.3497.92, permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. • https://access.redhat.com/errata/RHSA-2018:2818 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html https://crbug.com/875322 https://access.redhat.com/security/cve/CVE-2018-17458 https://bugzilla.redhat.com/show_bug.cgi?id=1628078 • CWE-129: Improper Validation of Array Index •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6119 – chromium-browser: Spoof of contents of the Omnibox (URL bar) via a crafted HTML page
https://notcve.org/view.php?id=CVE-2018-6119
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Interfaz de usuario de seguridad incorrecta en Omnibox en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105512 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/784761 https://access.redhat.com/security/cve/CVE-2018-6119 https://bugzilla.redhat.com/show_bug.cgi?id=1633390 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16088 – chromium-browser: User gesture requirement bypass
https://notcve.org/view.php?id=CVE-2018-16088
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page. La falta de comprobaciones para los eventos simulados por JS en Blink en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto descargase archivos arbitrarios sin entradas de usuario mediante una página HTML manipulada. • https://access.redhat.com/errata/RHSA-2018:2666 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/848531 https://security.gentoo.org/glsa/201811-10 https://access.redhat.com/security/cve/CVE-2018-16088 https://bugzilla.redhat.com/show_bug.cgi?id=1626286 • CWE-20: Improper Input Validation •