CVE-2018-6039 – chromium-browser: xss in devtools
https://notcve.org/view.php?id=CVE-2018-6039
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. Validación de datos insuficiente en DevTools en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase datos cross-origin de un usuario mediante una extensión de Chrome manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/775527 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6039 https://bugzilla.redhat.com/show_bug.cgi?id=1538511 • CWE-20: Improper Input Validation •
CVE-2018-6033 – chromium-browser: race when opening downloaded files
https://notcve.org/view.php?id=CVE-2018-6033
Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. Validación de datos insuficiente en Downloads en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto ejecutase código arbitrario fuera del sandbox mediante una extensión de Chrome manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/793620 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6033 https://bugzilla.redhat.com/show_bug.cgi?id=1538505 • CWE-20: Improper Input Validation •
CVE-2018-6036 – chromium-browser: integer underflow in webassembly
https://notcve.org/view.php?id=CVE-2018-6036
Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page. Validación de datos insuficiente en V8 en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase datos de archivos locales de un usuario mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/789952 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6036 https://bugzilla.redhat.com/show_bug.cgi?id=1538508 • CWE-20: Improper Input Validation •
CVE-2018-6045 – chromium-browser: insufficient isolation of devtools from extensions
https://notcve.org/view.php?id=CVE-2018-6045
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. Una aplicación de políticas insuficiente en DevTools en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase datos de archivos locales de un usuario mediante una extensión de Chrome manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/797497 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6045 https://bugzilla.redhat.com/show_bug.cgi?id=1538516 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-6037 – chromium-browser: insufficient user gesture requirements in autofill
https://notcve.org/view.php?id=CVE-2018-6037
Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page. Implementación inapropiada en autofill en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto obtuviese datos de autofill con gestos insuficientes del usuario mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/753645 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6037 https://bugzilla.redhat.com/show_bug.cgi?id=1538509 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •