CVE-2018-16086 – chromium-browser: Script injection in New Tab Page
https://notcve.org/view.php?id=CVE-2018-16086
Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. La aplicación de políticas insuficientes en la API de extensiones en Google Chrome antes de 69.0.3497.81 permitió a un atacante que convenció a un usuario de instalar una extensión maliciosa para evitar las restricciones de navegación a través de una extensión de Chrome diseñada. • https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/844428 https://access.redhat.com/security/cve/CVE-2018-16086 https://bugzilla.redhat.com/show_bug.cgi?id=1626288 • CWE-285: Improper Authorization •
CVE-2018-16087 – chromium-browser: Multiple download restriction bypass
https://notcve.org/view.php?id=CVE-2018-16087
Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. La falta de un rastreo de estado adecuado en Permissions en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto omitiese las restricciones de navegación mediante una página HTML manipulada. • https://access.redhat.com/errata/RHSA-2018:2666 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/848535 https://security.gentoo.org/glsa/201811-10 https://access.redhat.com/security/cve/CVE-2018-16087 https://bugzilla.redhat.com/show_bug.cgi?id=1626287 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2018-16088 – chromium-browser: User gesture requirement bypass
https://notcve.org/view.php?id=CVE-2018-16088
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page. La falta de comprobaciones para los eventos simulados por JS en Blink en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto descargase archivos arbitrarios sin entradas de usuario mediante una página HTML manipulada. • https://access.redhat.com/errata/RHSA-2018:2666 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/848531 https://security.gentoo.org/glsa/201811-10 https://access.redhat.com/security/cve/CVE-2018-16088 https://bugzilla.redhat.com/show_bug.cgi?id=1626286 • CWE-20: Improper Input Validation •
CVE-2018-16065 – chromium-browser: Out of bounds write in V8
https://notcve.org/view.php?id=CVE-2018-16065
A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Problemas de reentrada de JavaScript que provocaban un uso de memoria previamente liberada en V8 en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105215 https://access.redhat.com/errata/RHSA-2018:2666 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/867776 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4289 https://access.redhat.com/security/cve/CVE-2018-16065 https://bugzilla.redhat.com/show_bug.cgi?id=1625466 • CWE-416: Use After Free •
CVE-2018-16066 – chromium-browser: Out of bounds read in Blink
https://notcve.org/view.php?id=CVE-2018-16066
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Blink en Google Chrome en versiones anteriores a la 69.0.3497.81 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105215 https://access.redhat.com/errata/RHSA-2018:2666 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/847570 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4289 https://access.redhat.com/security/cve/CVE-2018-16066 https://bugzilla.redhat.com/show_bug.cgi?id=1625467 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •