CVE-2018-6050 – chromium-browser: url spoof in omnibox
https://notcve.org/view.php?id=CVE-2018-6050
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Implementación inapropiada en Omnibox en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/774842 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6050 https://bugzilla.redhat.com/show_bug.cgi?id=1538522 • CWE-20: Improper Input Validation •
CVE-2018-6035 – chromium-browser: insufficient isolation of devtools from extensions
https://notcve.org/view.php?id=CVE-2018-6035
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. Una aplicación de políticas insuficiente en DevTools en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase datos de archivos locales de un usuario mediante una extensión de Chrome manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/797500 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6035 https://bugzilla.redhat.com/show_bug.cgi?id=1538507 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-6055 – chromium-browser: Insufficient policy enforcement in Catalog Service
https://notcve.org/view.php?id=CVE-2018-6055
Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page. Aplicación de políticas insuficiente en Catalog Service en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto ejecutase código arbitrario fuera del sandbox mediante una página HTML manipulada. Chromium suffers from a sandbox escape vulnerability via an exposed filesystem::mojom::Directory mojo interface in the catalog service. • http://www.securityfocus.com/bid/105516 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/791003 https://access.redhat.com/security/cve/CVE-2018-6055 https://bugzilla.redhat.com/show_bug.cgi?id=1633393 • CWE-20: Improper Input Validation •
CVE-2015-1290
https://notcve.org/view.php?id=CVE-2015-1290
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. El motor Google V8, tal y como se utiliza en Google Chrome en versiones anteriores a la 44.0.2403.89 y QtWebEngineCore en Qt en versiones anteriores a la 5.5.1, permiten que atacantes remotos provoquen una denegación de servicio (corrupción de memoria) o ejecuten código arbitrario mediante un sitio web manipulado. • http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1 http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80 https://bugs.chromium.org/p/chromium/issues/detail?id=505374 https://codereview.chromium.org/1233453004 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-1000460
https://notcve.org/view.php?id=CVE-2017-1000460
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception. En la línea libavcodec/h264dec.c:500 en libav (v13_dev0), ffmpeg (n3.4) y chromium (56 anterior al 13 de febrero de 2017), el valor de retorno de init_get_bits se ignora y se llama a get_ue_golomb (gb) en un contexto get_bits no inicializado. Esto desemboca en una excepción NULL deref. • https://bugzilla.libav.org/show_bug.cgi?id=952 https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.html • CWE-476: NULL Pointer Dereference •