CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6052 – chromium-browser: incomplete no-referrer policy implementation
https://notcve.org/view.php?id=CVE-2018-6052
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data. La falta de soporte para un valor de política no-referrer no estándar, no-referrer en Blink en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto obtuviese detalles de referrer de una página web que pensaba que había rechazado el envío de datos de referrer. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/615608 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6052 https://bugzilla.redhat.com/show_bug.cgi?id=1538524 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6053 – chromium-browser: leak of page thumbnails in new tab page
https://notcve.org/view.php?id=CVE-2018-6053
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page. Implementación inapropiada en New Tab Page en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante local viese las imágenes en miniatura de un sitio web tras limpiar los datos del navegador mediante una página HTML manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/758169 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6053 https://bugzilla.redhat.com/show_bug.cgi?id=1538525 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2018-6054 – chromium-browser: use after free in webui
https://notcve.org/view.php?id=CVE-2018-6054
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Uso de memoria previamente liberada en WebUI en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una extensión de Chrome manipulada. • http://www.securityfocus.com/bid/102797 http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2018:0265 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/797511 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2018-6054 https://bugzilla.redhat.com/show_bug.cgi?id=1538526 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6055 – chromium-browser: Insufficient policy enforcement in Catalog Service
https://notcve.org/view.php?id=CVE-2018-6055
Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page. Aplicación de políticas insuficiente en Catalog Service en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto ejecutase código arbitrario fuera del sandbox mediante una página HTML manipulada. Chromium suffers from a sandbox escape vulnerability via an exposed filesystem::mojom::Directory mojo interface in the catalog service. • http://www.securityfocus.com/bid/105516 https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html https://crbug.com/791003 https://access.redhat.com/security/cve/CVE-2018-6055 https://bugzilla.redhat.com/show_bug.cgi?id=1633393 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1290
https://notcve.org/view.php?id=CVE-2015-1290
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. El motor Google V8, tal y como se utiliza en Google Chrome en versiones anteriores a la 44.0.2403.89 y QtWebEngineCore en Qt en versiones anteriores a la 5.5.1, permiten que atacantes remotos provoquen una denegación de servicio (corrupción de memoria) o ejecuten código arbitrario mediante un sitio web manipulado. • http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1 http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80 https://bugs.chromium.org/p/chromium/issues/detail?id=505374 https://codereview.chromium.org/1233453004 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •