Page 60 of 2001 results (0.007 seconds)

CVSS: 8.8EPSS: 86%CPEs: 5EXPL: 1

Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Ejecución de código JavaScript proporcionado por el usuario durante una deserialización de arrays, la cual provoca una escritura fuera de límites en la versión "V8" de Google Chrome en versiones anteriores a la 71.0.3578.80, permitía a un atacante remoto ejecutar código arbitrario dentro de un sandbox mediante una página HTML manipulada. Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/905940 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-17480 https://bugzilla.redhat.com/show_bug.cgi?id=1656547 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de búfer basado en memoria dinámica (heap) en Skia en Google Chrome, en versiones anteriores a la 71.0.3578.80, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/895362 https://security.gentoo.org/glsa/201904-07 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18335 https://bugzilla.redhat& • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 2%CPEs: 17EXPL: 0

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento de enteros en el manejo de rutas conduce a un uso de memoria previamente liberada en Skia en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://access.redhat.com/errata/RHSA-2019:0373 https://access.redhat.com/errata/RHSA-2019:0374 https://access.redhat.com/errata/RHSA-2019:1144 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/883666 https://lists.debian.org/debian-lts-announce/2019/02/msg00023.html h • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0

Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page. El manejo incorrecto de URL blob en Site Isolation en Google Chrome, en versiones anteriores a la 71.0.3578.80 permitía a un atacante remoto que había comprometido el proceso "renderer" omitir protecciones de aislamiento de sitios mediante una página HTML manipulada. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/886976 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18345 https://bugzilla.redhat.com/show_bug.cgi?id=1656559 •

CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. El manejo incorrecto de caracteres confundibles en URL Formatter en Google Chrome en versiones anteriores a la 71.0.3578.80 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante un nombre de dominio manipulado. • http://www.securityfocus.com/bid/106084 https://access.redhat.com/errata/RHSA-2018:3803 https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html https://crbug.com/896717 https://security.gentoo.org/glsa/201908-18 https://www.debian.org/security/2018/dsa-4352 https://access.redhat.com/security/cve/CVE-2018-18355 https://bugzilla.redhat.com/show_bug.cgi?id=1656569 •