CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-17464 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-17464
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. La gestión incorrecta del historial en iOS en la navegación en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/887273 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17464 https://bugzilla.redhat.com/show_bug.cgi?id=1640100 •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-17468 – chromium-browser: Cross-origin URL disclosure in Blink
https://notcve.org/view.php?id=CVE-2018-17468
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. El manejo incorrecto de información de temporización durante la navegación en Blink en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto obtuviese URL de orígenes cruzados mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/876822 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17468 https://bugzilla.redhat.com/show_bug.cgi?id=1640104 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-17469 – chromium-browser: Heap buffer overflow in PDFium
https://notcve.org/view.php?id=CVE-2018-17469
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. El manejo incorrecto de cadenas de filtrado de PDF en PDFium en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante un archivo PDF manipulado. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/880675 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17469 https://bugzilla.redhat.com/show_bug.cgi?id=1640105 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-17477 – chromium-browser: UI spoof in Extensions
https://notcve.org/view.php?id=CVE-2018-17477
Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page. La colocación incorrecta de diálogos en Extensions en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto suplantase el contenido de los popups de extensión mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/863703 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17477 https://bugzilla.redhat.com/show_bug.cgi?id=1640115 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-17476 – chromium-browser: Security UI occlusion in full screen mode
https://notcve.org/view.php?id=CVE-2018-17476
Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. La colocación incorrecta de diálogos en Cast UI en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto ocultase la advertencia total de pantalla mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/812769 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17476 https://bugzilla.redhat.com/show_bug.cgi?id=1640113 •