CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6076 – chromium-browser: incorrect handling of url fragment identifiers in blink
https://notcve.org/view.php?id=CVE-2018-6076
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page. El cifrado insuficiente de identificadores de fragmentos de URL en Blink en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto realizase un ataque Cross-Site Scripting (XSS) basado en DOM mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/758523 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6076 https://bugzilla.redhat.com/show_bug.cgi?id=1552493 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6074 – chromium-browser: mark-of-the-web bypass
https://notcve.org/view.php?id=CVE-2018-6074
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. El error al aplicar Mark-of-the-Web en las descargas en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto omitiese los controles de nivel del sistema operativo mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/809759 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6074 https://bugzilla.redhat.com/show_bug.cgi?id=1552491 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6060 – chromium-browser: use-after-free in blink
https://notcve.org/view.php?id=CVE-2018-6060
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en WebAudio en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/780919 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6060 https://bugzilla.redhat.com/show_bug.cgi?id=1552476 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6080 – chromium-browser: information disclosure in ipc call
https://notcve.org/view.php?id=CVE-2018-6080
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes . La falta de comprobaciones de control de acceso en Instrumentation en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto que había comprometido el proceso renderer obtuviese metadatos de la memoria de procesos privilegiados. Chromium suffers from an information disclosure vulnerability via the memory_instrumentation::mojom::Coordinator interface in the resource_coordinator service. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/792028 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6080 https://bugzilla.redhat.com/show_bug.cgi?id=1552497 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-6063 – chromium-browser: incorrect permissions on shared memory
https://notcve.org/view.php?id=CVE-2018-6063
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. El uso incorrecto de mojo::WrapSharedMemoryHandle en Mojo en Google Chrome en versiones anteriores a la 65.0.3325.146 permitía que un atacante remoto que hubiese comprometido el proceso renderer pudiese realizar una escritura de memoria fuera de límites mediante una página HTML manipulada. Chromium suffers from an issue where calling mojo::WrapSharedMemoryHandle is insufficient to produce read-only descriptors for IPC. • http://www.securityfocus.com/bid/103297 https://access.redhat.com/errata/RHSA-2018:0484 https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html https://crbug.com/792900 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6063 https://bugzilla.redhat.com/show_bug.cgi?id=1552480 • CWE-787: Out-of-bounds Write •