CVE-2018-6152 – chromium-browser: Local file write in DevTools
https://notcve.org/view.php?id=CVE-2018-6152
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction. La implementación del backend Page.downloadBehavior marcaba incondicionalmente los archivos descargados como seguros, independientemente del tipo de archivo en Google Chrome, en versiones anteriores a la 66.0.3359.117, permitía que un atacante convenza a un usuario para que realice un escape del sandbox mediante una página HTML manipulada y la interacción del usuario. • http://www.securityfocus.com/bid/104887 https://access.redhat.com/errata/RHSA-2018:2282 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/805445 https://security.gentoo.org/glsa/201808-01 https://www.debian.org/security/2018/dsa-4256 https://access.redhat.com/security/cve/CVE-2018-6152 https://bugzilla.redhat.com/show_bug.cgi?id=1608208 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2018-6553 – AppArmor cupsd Sandbox Bypass Due to Use of Hard Links
https://notcve.org/view.php?id=CVE-2018-6553
A local attacker could possibly use this issue to escape confinement. • https://lists.debian.org/debian-lts-announce/2018/07/msg00014.html https://security.gentoo.org/glsa/201908-08 https://usn.ubuntu.com/usn/usn-3713-1 https://www.debian.org/security/2018/dsa-4243 •
CVE-2018-8314
https://notcve.org/view.php?id=CVE-2018-8314
An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." ... Existe una vulnerabilidad de elevación de privilegios cuando Windows no realiza una comprobación, lo que permite un escape del sandbox. • http://www.securityfocus.com/bid/104652 http://www.securitytracker.com/id/1041263 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314 •
CVE-2018-12365 – Mozilla: Compromised IPC child process can list local filenames
https://notcve.org/view.php?id=CVE-2018-12365
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. ... Un proceso hijo IPC comprometido puede escapar el sandbox de contenido y listar los nombres de archivos arbitrarios en el sistema de archivos sin consentimiento o interacción del usuario. • http://www.securityfocus.com/bid/104560 http://www.securitytracker.com/id/1041193 https://access.redhat.com/errata/RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2113 https://access.redhat.com/errata/RHSA-2018:2251 https://access.redhat.com/errata/RHSA-2018:2252 https://bugzilla.mozilla.org/show_bug.cgi?id=1459206 https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html https://securi • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •
CVE-2018-6127 – chromium-browser: Use after free in indexedDB
https://notcve.org/view.php?id=CVE-2018-6127
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • http://www.securityfocus.com/bid/104309 http://www.securitytracker.com/id/1041014 https://access.redhat.com/errata/RHSA-2018:1815 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/842990 https://www.debian.org/security/2018/dsa-4237 https://access.redhat.com/security/cve/CVE-2018-6127 https://bugzilla.redhat.com/show_bug.cgi?id=1584037 • CWE-416: Use After Free •