Page 353 of 2385 results (0.007 seconds)

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Un desbordamiento de enteros que conduce a un uso de memoria previamente liberada en PDFium en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/791048 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6072 https://bugzilla.redhat.com/show_bug.cgi?id=1552489 • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0

Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction. El manejo incorrecto de nombres de archivo especificados en las descargas de archivo en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto filtrase datos de orígenes cruzados mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/608669 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6075 https://bugzilla.redhat.com/show_bug.cgi?id=1552492 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page. El cifrado insuficiente de identificadores de fragmentos de URL en Blink en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto realizase un ataque Cross-Site Scripting (XSS) basado en DOM mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/758523 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6076 https://bugzilla.redhat.com/show_bug.cgi?id=1552493 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. El error al aplicar Mark-of-the-Web en las descargas en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto omitiese los controles de nivel del sistema operativo mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/809759 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6074 https://bugzilla.redhat.com/show_bug.cgi?id=1552491 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en WebAudio en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/780919 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6060 https://bugzilla.redhat.com/show_bug.cgi?id=1552476 • CWE-416: Use After Free •