CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16088 – chromium-browser: User gesture requirement bypass
https://notcve.org/view.php?id=CVE-2018-16088
11 Sep 2018 — A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page. La falta de comprobaciones para los eventos simulados por JS en Blink en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto descargase archivos arbitrarios sin entradas de usuario mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This ... • https://access.redhat.com/errata/RHSA-2018:2666 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 0CVE-2018-16065 – chromium-browser: Out of bounds write in V8
https://notcve.org/view.php?id=CVE-2018-16065
09 Sep 2018 — A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Problemas de reentrada de JavaScript que provocaban un uso de memoria previamente liberada en V8 en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. Chromium is an open-source web browse... • http://www.securityfocus.com/bid/105215 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-16066 – chromium-browser: Out of bounds read in Blink
https://notcve.org/view.php?id=CVE-2018-16066
09 Sep 2018 — A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Blink en Google Chrome en versiones anteriores a la 69.0.3497.81 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues a... • http://www.securityfocus.com/bid/105215 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-16067 – chromium-browser: Out of bounds read in WebAudio
https://notcve.org/view.php?id=CVE-2018-16067
09 Sep 2018 — A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en WebAudio en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. ... • http://www.securityfocus.com/bid/105215 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2018-16068 – chromium-browser: Out of bounds write in Mojo
https://notcve.org/view.php?id=CVE-2018-16068
09 Sep 2018 — Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Falta de validación en Mojo en Google Chrome en versiones anteriores a la 69.0.3497.81 permitía que un atacante remoto realizase un escape del sandbox mediante una página HTML manipulada. Chrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message ... • http://www.securityfocus.com/bid/105215 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 18%CPEs: 4EXPL: 2CVE-2018-16071 – WebRTC - VP9 Processing Use-After-Free
https://notcve.org/view.php?id=CVE-2018-16071
09 Sep 2018 — A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Uso de memoria previamente liberada en WebRTC en Google Chrome en versiones anteriores a la 69.0.3497.81 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo de vídeo manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issu... • https://packetstorm.news/files/id/149459 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16076 – chromium-browser: Out of bounds read in PDFium
https://notcve.org/view.php?id=CVE-2018-16076
09 Sep 2018 — Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. La falta de comprobación de límites en PDFium en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 69.0.3497.81. Issues... • http://www.securityfocus.com/bid/105215 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16078 – chromium-browser: Credit card information leak in Autofill
https://notcve.org/view.php?id=CVE-2018-16078
09 Sep 2018 — Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. La gestión incorrecta de los detalles de la tarjeta de crédito en Autofill en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitían que un atacante remoto pudiese obtener información potencialmente sensible del la memoria del proceso mediante una página HTML manipulada. Chromium is an open-so... • http://www.securityfocus.com/bid/105215 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16079 – chromium-browser: URL spoof in permission dialogs
https://notcve.org/view.php?id=CVE-2018-16079
09 Sep 2018 — A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Una condición de carrera entre los avisos de permiso y navegación en Prompts en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto suplantase el contenido de Omnibox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. Thi... • http://www.securityfocus.com/bid/105215 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16081 – chromium-browser: Local file access in DevTools
https://notcve.org/view.php?id=CVE-2018-16081
09 Sep 2018 — Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension. Permitir que la API chrome.debugger se ejecutase en las URL file:// en DevTools en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante que hubiese convencido a un usuario para que instale una exte... • http://www.securityfocus.com/bid/105215 • CWE-862: Missing Authorization •