CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6125 – chromium-browser: Overly permissive policy in WebUSB
https://notcve.org/view.php?id=CVE-2018-6125
Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. Una aplicación insuficiente de políticas en USB en Google Chrome en Windows versiones anteriores a 67.0.3396.62, permitía a un atacante remoto obtener información potencialmente confidencial por medio de una página HTML diseñada • https://crbug.com/818592 https://access.redhat.com/security/cve/CVE-2018-6125 https://bugzilla.redhat.com/show_bug.cgi?id=1584034 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6145 – chromium-browser: Incorrect escaping of MathML in Blink
https://notcve.org/view.php?id=CVE-2018-6145
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Una validación de datos insuficiente en el analizador de HTML en Google Chrome antes de 67.0.3396.62 permitió que un atacante remoto pasara por alto la misma política de origen a través de una página HTML diseñada. • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/805924 https://access.redhat.com/security/cve/CVE-2018-6145 https://bugzilla.redhat.com/show_bug.cgi?id=1584057 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 27%CPEs: 6EXPL: 1CVE-2018-6126 – Skia - Heap Overflow in SkScan::FillPath due to Precision Error
https://notcve.org/view.php?id=CVE-2018-6126
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Un error de precisión en Skia en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipulada. • https://www.exploit-db.com/exploits/45098 http://www.securityfocus.com/bid/104309 http://www.securityfocus.com/bid/104411 http://www.securitytracker.com/id/1041014 http://www.securitytracker.com/id/1041046 https://access.redhat.com/errata/RHSA-2018:1815 https://access.redhat.com/errata/RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2113 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/844457 https://securit • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6144 – chromium-browser: Out of bounds memory access in PDFium
https://notcve.org/view.php?id=CVE-2018-6144
Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. Un error por un paso en PDFium en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto pudiese realizar una escritura de memoria fuera de límites mediante un archivo PDF manipulado. • http://www.securityfocus.com/bid/104309 http://www.securitytracker.com/id/1041014 https://access.redhat.com/errata/RHSA-2018:1815 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/828049 https://www.debian.org/security/2018/dsa-4237 https://access.redhat.com/security/cve/CVE-2018-6144 https://bugzilla.redhat.com/show_bug.cgi?id=1584056 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2018-6124 – chromium-browser: Type confusion in Blink
https://notcve.org/view.php?id=CVE-2018-6124
Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Confusión de tipos en ReadableStreams en Blink en Google Chrome, en versiones anteriores a la 67.0.3396.62, permitía que un atacante remoto pudiese explotar una corrupción de objetos mediante una página HTML manipulada. • http://www.securityfocus.com/bid/104309 http://www.securitytracker.com/id/1041014 https://access.redhat.com/errata/RHSA-2018:1815 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/840320 https://www.debian.org/security/2018/dsa-4237 https://access.redhat.com/security/cve/CVE-2018-6124 https://bugzilla.redhat.com/show_bug.cgi?id=1584033 • CWE-704: Incorrect Type Conversion or Cast •