CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6037 – chromium-browser: insufficient user gesture requirements in autofill
https://notcve.org/view.php?id=CVE-2018-6037
Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page. Implementación inapropiada en autofill en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto obtuviese datos de autofill con gestos insuficientes del usuario mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/753645 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6037 https://bugzilla.redhat.com/show_bug.cgi?id=1538509 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6052 – chromium-browser: incomplete no-referrer policy implementation
https://notcve.org/view.php?id=CVE-2018-6052
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. La falta de soporte para un valor de política no-referrer no estándar, no-referrer en Blink en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto obtuviese detalles de referrer de una página web que pensaba que había rechazado el envío de datos de referrer. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/615608 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6052 https://bugzilla.redhat.com/show_bug.cgi?id=1538524 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6042 – chromium-browser: url spoof in omnibox
https://notcve.org/view.php?id=CVE-2018-6042
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Implementación inapropiada en Omnibox en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/773930 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6042 https://bugzilla.redhat.com/show_bug.cgi?id=1538514 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6047 – chromium-browser: cross origin url leak in webgl
https://notcve.org/view.php?id=CVE-2018-6047
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. Aplicación de políticas insuficiente en WebGL en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase URL de redirección del usuario mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/799847 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6047 https://bugzilla.redhat.com/show_bug.cgi?id=1538518 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6031 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2018-6031
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Uso de memoria previamente liberada en PDFium en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/780450 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6031 https://bugzilla.redhat.com/show_bug.cgi?id=1538503 • CWE-416: Use After Free •