CVSS: 8.8EPSS: 25%CPEs: 6EXPL: 1CVE-2018-6092 – Google Chrome - Integer Overflow when Processing WebAssembly Locals
https://notcve.org/view.php?id=CVE-2018-6092
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Un desbordamiento de enteros en sistemas de 32 bits en WebAssembly en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. Google Chrome suffers from an integer overflow vulnerability when processing WebAssembly Locals. • https://www.exploit-db.com/exploits/44860 http://www.securityfocus.com/bid/103917 https://access.redhat.com/errata/RHSA-2018:1195 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/819869 https://security.gentoo.org/glsa/201804-22 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6092 https://bugzilla.redhat.com/show_bug.cgi?id=1568769 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 11%CPEs: 6EXPL: 0CVE-2018-6101 – chromium-browser: Insufficient protection of remote debugging prototol in DevTools
https://notcve.org/view.php?id=CVE-2018-6101
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server. La falta de validación del host en DevTools en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante remoto ejecutase código arbitrario mediante una página HTML manipulada si el usuario está ejecutando un servidor de depuración DevTools remoto. • http://www.securityfocus.com/bid/103917 https://access.redhat.com/errata/RHSA-2018:1195 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/813540 https://security.gentoo.org/glsa/201804-22 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6101 https://bugzilla.redhat.com/show_bug.cgi?id=1568779 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-6084 – Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-6084
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file. Los objetos distribuidos poco saneados en Updater en Google Chrome, en versiones anteriores a la 66.0.3359.117 para macOS, permitían que un atacante local ejecutase código arbitrario mediante un archivo ejecutable. Google software updater suffers from a local privilege escalation vulnerability on MacOS due to unsafe use of Distributed Objects. • https://www.exploit-db.com/exploits/44307 http://www.securityfocus.com/bid/103468 http://www.securityfocus.com/bid/103917 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/822424 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6068
https://notcve.org/view.php?id=CVE-2018-6068
Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Problemas de ciclo de vida de objetos en Chrome Custom Tab en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/798933 https://www.debian.org/security/2018/dsa-4182 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6062 – chromium-browser: heap buffer overflow in skia
https://notcve.org/view.php?id=CVE-2018-6062
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Una escritura de desbordamiento de búfer basado en memoria dinámica (heap) en Skia en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/780104 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6062 https://bugzilla.redhat.com/show_bug.cgi?id=1552478 • CWE-787: Out-of-bounds Write •