CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6083 – chromium-browser: incorrect processing of appmanifests
https://notcve.org/view.php?id=CVE-2018-6083
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. El error a la hora de deshabilitar la instalación PWA de páginas CSP en sandbox en AppManifest en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto accediese a API privilegiadas mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/771709 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6083 https://bugzilla.redhat.com/show_bug.cgi?id=1552500 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6080 – chromium-browser: information disclosure in ipc call
https://notcve.org/view.php?id=CVE-2018-6080
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes . La falta de comprobaciones de control de acceso en Instrumentation en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto que había comprometido el proceso renderer obtuviese metadatos de la memoria de procesos privilegiados. Chromium suffers from an information disclosure vulnerability via the memory_instrumentation::mojom::Coordinator interface in the resource_coordinator service. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/792028 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6080 https://bugzilla.redhat.com/show_bug.cgi?id=1552497 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6063 – chromium-browser: incorrect permissions on shared memory
https://notcve.org/view.php?id=CVE-2018-6063
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. El uso incorrecto de mojo::WrapSharedMemoryHandle en Mojo en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto que hubiese comprometido el proceso renderer pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipulada. Chromium suffers from an issue where calling mojo::WrapSharedMemoryHandle is insufficient to produce read-only descriptors for IPC. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/792900 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6063 https://bugzilla.redhat.com/show_bug.cgi?id=1552480 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6057 – chromium-browser: incorrect permissions on shared memory
https://notcve.org/view.php?id=CVE-2018-6057
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page. La falta de una convención especial de Android ashmem en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto que había comprometido el proceso renderer omitiese las garantías de solo lectura del proceso intermedio mediante una página HTML manipulada. Chromium suffers from an issues where read-only SharedMemory descriptors on Android are writable. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/789959 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6057 https://bugzilla.redhat.com/show_bug.cgi?id=1552479 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 0CVE-2018-6056 – chromium-browser: incorrect derived class instantiation in v8
https://notcve.org/view.php?id=CVE-2018-6056
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una confusión de tipos podría conducir a una escritura fuera de límites en V8 en Google Chrome, en versiones anteriores a la 64.0.3282.168, lo que permite que un atacante remoto ejecute código arbitrario dentro de un sandbox mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103003 https://access.redhat.com/errata/RHSA-2018:0334 https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html https://crbug.com/806388 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6056 https://bugzilla.redhat.com/show_bug.cgi?id=1545062 • CWE-704: Incorrect Type Conversion or Cast •