CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6050 – chromium-browser: url spoof in omnibox
https://notcve.org/view.php?id=CVE-2018-6050
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Implementación inapropiada en Omnibox en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/774842 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6050 https://bugzilla.redhat.com/show_bug.cgi?id=1538522 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6041 – chromium-browser: url spoof in navigation
https://notcve.org/view.php?id=CVE-2018-6041
Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Interfaz de usuario de seguridad incorrecta en la navegación en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/760342 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6041 https://bugzilla.redhat.com/show_bug.cgi?id=1538513 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6046 – chromium-browser: insufficient isolation of devtools from extensions
https://notcve.org/view.php?id=CVE-2018-6046
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. Validación de datos insuficiente en DevTools en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase datos cross-origin de un usuario mediante una extensión de Chrome manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/798163 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6046 https://bugzilla.redhat.com/show_bug.cgi?id=1538517 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6048 – chromium-browser: referrer policy bypass in blink
https://notcve.org/view.php?id=CVE-2018-6048
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. Aplicación de políticas insuficiente en Blink en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase información de referrer mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/763194 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6048 https://bugzilla.redhat.com/show_bug.cgi?id=1538519 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6035 – chromium-browser: insufficient isolation of devtools from extensions
https://notcve.org/view.php?id=CVE-2018-6035
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. Una aplicación de políticas insuficiente en DevTools en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase datos de archivos locales de un usuario mediante una extensión de Chrome manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/797500 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6035 https://bugzilla.redhat.com/show_bug.cgi?id=1538507 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •