Page 38 of 1428 results (0.014 seconds)

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2018-18344 – chromium-browser: Inappropriate implementation in Extensions

https://notcve.org/view.php?id=CVE-2018-18344

Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension. La asignación incorrecta de la funcionalidad de protocolo "setDownloadBehavior" en Extensions en Google Chrome en versiones anteriores a 71.0.3578.80 permitía a un atacante remoto con el control de una extensión instalada acceder a archivos en el sistema remoto mediante una extensión de Chrome manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/866426 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18344 https://bugzilla.redhat.com/show_bug.cgi?id=1656558 • CWE-269: Improper Privilege Management •

CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0

CVE-2018-18345 – chromium-browser: Inappropriate implementation in Site Isolation

https://notcve.org/view.php?id=CVE-2018-18345

Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page. El manejo incorrecto de URL blob en Site Isolation en Google Chrome, en versiones anteriores a la 71.0.3578.80 permitía a un atacante remoto que había comprometido el proceso "renderer" omitir protecciones de aislamiento de sitios mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/886976 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18345 https://bugzilla.redhat.com/show_bug.cgi?id=1656559 •

CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0

CVE-2018-18348 – chromium-browser: Inappropriate implementation in Omnibox

https://notcve.org/view.php?id=CVE-2018-18348

Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. El manejo incorrecto de nombres de dominio bidireccionales con caracteres RTL en Omnibox en Google Chrome, en versiones anteriores a la 71.0.3578.80, permitía que un atacante remoto suplante el contenido del Omnibox (barra de URL) mediante un nombre de dominio manipulado. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/881659 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18348 https://bugzilla.redhat.com/show_bug.cgi?id=1656562 •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-18349 – chromium-browser: Insufficient policy enforcement in Blink

https://notcve.org/view.php?id=CVE-2018-18349

Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. Se permitía de manera incorrecta la navegación remota de tramas en Blink en Google Chrome en versiones anteriores a 71.0.3578.80, lo que permitía que un atacante convenciera a un usuario para que instalase una extensión maliciosa y así acceder a archivos en el sistema de archivos local mediante una extensión de Chrome manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/894399 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18349 https://bugzilla.redhat.com/show_bug.cgi?id=1656563 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0

CVE-2018-18350 – chromium-browser: Insufficient policy enforcement in Blink

https://notcve.org/view.php?id=CVE-2018-18350

Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. El manejo incorrecto de la aplicación de la política de seguridad de contenido (CSP) durante la navegación en Blink en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto omitiese la política de seguridad de contenido (CSP) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/799747 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18350 https://bugzilla.redhat.com/show_bug.cgi?id=1656564 •