CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6118 – chromium-browser: Use after free in Media Cache
https://notcve.org/view.php?id=CVE-2018-6118
A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Un doble desalojo en la memoria caché en modo Incógnito que llevó a un usuario después de la memoria caché libre en Google Chrome antes de 66.0.3359.139 permitió que un atacante remoto que había comprometido el proceso del renderizador ejecutara código arbitrario a través de una página HTML elaborada. • https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop_26.html https://crbug.com/831963 https://access.redhat.com/security/cve/CVE-2018-6118 https://bugzilla.redhat.com/show_bug.cgi?id=1573856 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6109 – chromium-browser: Incorrect handling of files by FileAPI
https://notcve.org/view.php?id=CVE-2018-6109
readAsText() can indefinitely read the file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page. readAsText() puede leer indefinidamente el archivo escogido por el usuario, en lugar de solo una vez cuando se elige el archivo en la API File en Google Chrome , en versiones anteriores a la 66.0.3359.117, lo que permitía que un atacante remoto accediese a los datos en el sistema de archivos del usuario sin consentimiento explícito mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103917 https://access.redhat.com/errata/RHSA-2018:1195 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/710190 https://security.gentoo.org/glsa/201804-22 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6109 https://bugzilla.redhat.com/show_bug.cgi?id=1568789 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 25%CPEs: 6EXPL: 1CVE-2018-6092 – Google Chrome - Integer Overflow when Processing WebAssembly Locals
https://notcve.org/view.php?id=CVE-2018-6092
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Un desbordamiento de enteros en sistemas de 32 bits en WebAssembly en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. Google Chrome suffers from an integer overflow vulnerability when processing WebAssembly Locals. • https://www.exploit-db.com/exploits/44860 http://www.securityfocus.com/bid/103917 https://access.redhat.com/errata/RHSA-2018:1195 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/819869 https://security.gentoo.org/glsa/201804-22 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6092 https://bugzilla.redhat.com/show_bug.cgi?id=1568769 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6093 – chromium-browser: Same origin bypass in Service Worker
https://notcve.org/view.php?id=CVE-2018-6093
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Comprobación de origen insuficiente en Blink en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto filtrase los datos cross-origin mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103917 https://access.redhat.com/errata/RHSA-2018:1195 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/780435 https://security.gentoo.org/glsa/201804-22 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6093 https://bugzilla.redhat.com/show_bug.cgi?id=1568770 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6095 – chromium-browser: Lack of meaningful user interaction requirement before file upload
https://notcve.org/view.php?id=CVE-2018-6095
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page. La eliminación incorrecta del selector de archivos en los eventos del teclado en Blink en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto leyese archivos locales mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103917 https://access.redhat.com/errata/RHSA-2018:1195 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/637098 https://security.gentoo.org/glsa/201804-22 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6095 https://bugzilla.redhat.com/show_bug.cgi?id=1568773 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •