CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6175 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6175
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. • http://www.securityfocus.com/bid/104887 https://access.redhat.com/errata/RHSA-2018:2282 https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html https://crbug.com/826019 https://security.gentoo.org/glsa/201808-01 https://www.debian.org/security/2018/dsa-4256 https://access.redhat.com/security/cve/CVE-2018-6175 https://bugzilla.redhat.com/show_bug.cgi?id=1608199 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6156 – chromium-browser: Heap buffer overflow in WebRTC
https://notcve.org/view.php?id=CVE-2018-6156
Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. La derivación incorrecta de la longitud de un paquete en WebRTC en Google Chrome antes de 68.0.3440.75 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de un archivo de video diseñado. • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html https://crbug.com/841962 https://usn.ubuntu.com/4165-1 https://access.redhat.com/security/cve/CVE-2018-6156 https://bugzilla.redhat.com/show_bug.cgi?id=1608180 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6161 – chromium-browser: Same origin policy bypass in WebAudio
https://notcve.org/view.php?id=CVE-2018-6161
Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. La aplicación insuficiente de políticas en Blink en Google Chrome antes de 68.0.3440.75 permitió que un atacante remoto pasara por alto la misma política de origen a través de una página HTML diseñada. • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html https://crbug.com/826552 https://access.redhat.com/security/cve/CVE-2018-6161 https://bugzilla.redhat.com/show_bug.cgi?id=1608185 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6154 – chromium-browser: Heap buffer overflow in WebGL
https://notcve.org/view.php?id=CVE-2018-6154
Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La insuficiente validación de datos en WebGL en Google Chrome antes de 68.0.3440.75 permitió a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML diseñada. • https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html https://crbug.com/848914 https://access.redhat.com/security/cve/CVE-2018-6154 https://bugzilla.redhat.com/show_bug.cgi?id=1608178 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6172 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6172
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 68.0.3440.75, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. • http://www.securityfocus.com/bid/104887 https://access.redhat.com/errata/RHSA-2018:2282 https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html https://crbug.com/847242 https://security.gentoo.org/glsa/201808-01 https://www.debian.org/security/2018/dsa-4256 https://access.redhat.com/security/cve/CVE-2018-6172 https://bugzilla.redhat.com/show_bug.cgi?id=1608196 •