CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2018-16068 – chromium-browser: Out of bounds write in Mojo
https://notcve.org/view.php?id=CVE-2018-16068
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Falta de validación en Mojo en Google Chrome en versiones anteriores a la 69.0.3497.81 permitía que un atacante remoto realizase un escape del sandbox mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105215 https://access.redhat.com/errata/RHSA-2018:2666 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/877182 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4289 https://access.redhat.com/security/cve/CVE-2018-16068 https://bugzilla.redhat.com/show_bug.cgi?id=1625470 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16069 – chromium-browser: Out of bounds read in SwiftShader
https://notcve.org/view.php?id=CVE-2018-16069
Unintended floating-point error accumulation in SwiftShader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La acumulación involuntaria de errores de punto flotante en SwiftShader en Google Chrome antes del 69.0.3497.81 permitió a un atacante remoto filtrar datos de cross-origin través de una página HTML creada. • https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/848238 https://access.redhat.com/security/cve/CVE-2018-16069 https://bugzilla.redhat.com/show_bug.cgi?id=1625471 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16070 – chromium-browser: Integer overflow in Skia
https://notcve.org/view.php?id=CVE-2018-16070
Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Los desbordamientos de enteros en Skia en Google Chrome antes de 69.0.3497.81 permitieron a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada. • https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/848716 https://access.redhat.com/security/cve/CVE-2018-16070 https://bugzilla.redhat.com/show_bug.cgi?id=1625472 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 11%CPEs: 4EXPL: 1CVE-2018-16071 – WebRTC - VP9 Processing Use-After-Free
https://notcve.org/view.php?id=CVE-2018-16071
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Uso de memoria previamente liberada en WebRTC en Google Chrome en versiones anteriores a la 69.0.3497.81 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo de vídeo manipulado. There is a use-after-free vulnerability in VP9 processing in WebRTC. • https://www.exploit-db.com/exploits/45443 http://www.securityfocus.com/bid/105215 https://access.redhat.com/errata/RHSA-2018:2666 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/855211 https://security.gentoo.org/glsa/201811-10 https://access.redhat.com/security/cve/CVE-2018-16071 https://bugzilla.redhat.com/show_bug.cgi?id=1625473 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16073 – chromium-browser: Site Isolation bypass after tab restore
https://notcve.org/view.php?id=CVE-2018-16073
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page. La aplicación insuficiente de políticas en el aislamiento del sitio en Google Chrome antes de 69.0.3497.81 permitió a un atacante remoto omitir el aislamiento del sitio a través de una página HTML diseñada. • https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html https://crbug.com/863069 https://access.redhat.com/security/cve/CVE-2018-16073 https://bugzilla.redhat.com/show_bug.cgi?id=1625475 • CWE-285: Improper Authorization •