Page 38 of 1426 results (0.013 seconds)

CVSS: 8.8EPSS: 2%CPEs: 17EXPL: 0

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de enteros en el manejo de rutas conduce a un uso de memoria previamente liberada en Skia en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://access.redhat.com/errata/RHSA-2019:0373 https://access.redhat.com/errata/RHSA-2019:0374 https://access.redhat.com/errata/RHSA-2019:1144 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/883666 https://lists.debian.org/debian-lts-announce/2019/02/msg00023.html h • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0

Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El uso incorrecto con hilos no seguros de SkImage en Canvas en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía a un atacante remoto explotar la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/890576 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18338 https://bugzilla.redhat.com/show_bug.cgi?id=1656552 • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0

Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page. El manejo incorrecto de URL blob en Site Isolation en Google Chrome, en versiones anteriores a la 71.0.3578.80 permitía a un atacante remoto que había comprometido el proceso "renderer" omitir protecciones de aislamiento de sitios mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/886976 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18345 https://bugzilla.redhat.com/show_bug.cgi?id=1656559 •

CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. El manejo incorrecto de caracteres confundibles en URL Formatter en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante un nombre de dominio manipulado. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/896717 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18355 https://bugzilla.redhat.com/show_bug.cgi?id=1656569 •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. El ciclo de vida de un objecto incorrecto en PDFium en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante un archivo PDF manipulado. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/898531 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18336 https://bugzilla.redhat.com/show_bug.cgi?id=1656550 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •