CVE-2024-1724 – snapd allows $HOME/bin symlink
https://notcve.org/view.php?id=CVE-2024-1724
An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement. • https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6 https://github.com/snapcore/snapd/pull/13689 https://gld.mcphail.uk/posts/explaining-cve-2024-1724 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-7012
https://notcve.org/view.php?id=CVE-2023-7012
Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. • https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://issues.chromium.org/issues/40061509 • CWE-20: Improper Input Validation CWE-138: Improper Neutralization of Special Elements •
CVE-2023-4860
https://notcve.org/view.php?id=CVE-2023-4860
Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/40064341 • CWE-303: Incorrect Implementation of Authentication Algorithm •
CVE-2019-25154
https://notcve.org/view.php?id=CVE-2019-25154
Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/40094752 •
CVE-2024-6779
https://notcve.org/view.php?id=CVE-2024-6779
Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/351327767 •