Page 350 of 2459 results (0.022 seconds)

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. El error a la hora de deshabilitar la instalación PWA de páginas CSP en sandbox en AppManifest en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto accediese a API privilegiadas mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/771709 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6083 https://bugzilla.redhat.com/show_bug.cgi?id=1552500 •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La falta de comprobación de CORS de ResourceFetcher/ResourceLoader en Blink en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto filtrase datos de orígenes cruzados mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/799477 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6066 https://bugzilla.redhat.com/show_bug.cgi?id=1552483 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 96%CPEs: 6EXPL: 3

Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Desbordamiento de enteros en el cálculo del tamaño de asignación requerido al instanciar un nuevo objeto JavaScript en V8 en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the CalculateInstanceSizeHelper function. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. • https://www.exploit-db.com/exploits/44584 https://github.com/b1tg/CVE-2018-6065-exploit http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/808192 https://www.debian.org/security/2018/dsa-4182 https://www.zerodayinitiative.com/advisories/ZDI-19-367 https://access.redhat.com/security/cve/CVE-2018-6065 https://bugzilla.redhat.com/show_bug&# • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Los filtros de mapa de desplazamiento que se aplican a las imágenes de origen cruzado en el renderizado Blink SVG en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto filtrase datos de orígenes cruzados mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/778506 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6077 https://bugzilla.redhat.com/show_bug.cgi?id=1552494 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Una escritura de desbordamiento de búfer basado en memoria dinámica (heap) en Skia en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/780104 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6062 https://bugzilla.redhat.com/show_bug.cgi?id=1552478 • CWE-787: Out-of-bounds Write •