CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-18353 – chromium-browser: Inappropriate implementation in Network Authentication
https://notcve.org/view.php?id=CVE-2018-18353
Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page. El error a la hora de descartar los diálogos http auth en la navegación en Network Authentication en Google Chrome en Android en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto confundiese al usuario sobre el origen de un diálogo auto mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/884179 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18353 https://bugzilla.redhat.com/show_bug.cgi?id=1656567 •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18352 – chromium-browser: Inappropriate implementation in Media
https://notcve.org/view.php?id=CVE-2018-18352
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page. Los trabajos del servicio pueden obtener acceso de forma inapropiada al audio cross-origin en Media en Google Chrome, en versiones anteriores a la 71.0.3578.80, permitía que un atacante remoto omitiese la política del mismo origen para el contenido de audio mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/849942 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18352 https://bugzilla.redhat.com/show_bug.cgi?id=1656566 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-18351 – chromium-browser: Insufficient policy enforcement in Navigation
https://notcve.org/view.php?id=CVE-2018-18351
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page. La falta de validación adecuada de los frames ancestor al enviar cookies lax en Navigation en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto omita la política de la cookie SameSite mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/833847 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18351 https://bugzilla.redhat.com/show_bug.cgi?id=1656565 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-18349 – chromium-browser: Insufficient policy enforcement in Blink
https://notcve.org/view.php?id=CVE-2018-18349
Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. Se permitía de manera incorrecta la navegación remota de tramas en Blink en Google Chrome en versiones anteriores a 71.0.3578.80, lo que permitía que un atacante convenciera a un usuario para que instalase una extensión maliciosa y así acceder a archivos en el sistema de archivos local mediante una extensión de Chrome manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/894399 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18349 https://bugzilla.redhat.com/show_bug.cgi?id=1656563 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-18344 – chromium-browser: Inappropriate implementation in Extensions
https://notcve.org/view.php?id=CVE-2018-18344
Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension. La asignación incorrecta de la funcionalidad de protocolo "setDownloadBehavior" en Extensions en Google Chrome en versiones anteriores a 71.0.3578.80 permitía a un atacante remoto con el control de una extensión instalada acceder a archivos en el sistema remoto mediante una extensión de Chrome manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/866426 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18344 https://bugzilla.redhat.com/show_bug.cgi?id=1656558 • CWE-269: Improper Privilege Management •