CVSS: 8.8EPSS: 97%CPEs: 5EXPL: 5CVE-2018-17463 – Google Chromium V8 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-17463
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Anotación de efecto secundario en V8 en Google Chrome en versiones anteriores a la 70.0.3538.64 permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://www.exploit-db.com/exploits/48184 https://github.com/jhalon/CVE-2018-17463 https://github.com/kdmarti2/CVE-2018-17463 http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/888923 https://security.gentoo.org/glsa/201811-10 https://www.d •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2018-17468 – chromium-browser: Cross-origin URL disclosure in Blink
https://notcve.org/view.php?id=CVE-2018-17468
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. El manejo incorrecto de información de temporización durante la navegación en Blink en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto obtuviese URL de orígenes cruzados mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/876822 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17468 https://bugzilla.redhat.com/show_bug.cgi?id=1640104 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-17471 – chromium-browser: Security UI occlusion in full screen mode
https://notcve.org/view.php?id=CVE-2018-17471
Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. La colocación incorrecta de diálogos en WebContents en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto ocultase la advertencia total de pantalla mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/873080 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17471 https://bugzilla.redhat.com/show_bug.cgi?id=1640107 •
CVSS: 7.4EPSS: 2%CPEs: 5EXPL: 0CVE-2018-17470 – chromium-browser: Memory corruption in GPU Internals
https://notcve.org/view.php?id=CVE-2018-17470
A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento de búfer basado en memoria dinámica (heap) en GPU en Google Chrome, en versiones anteriores a la 70.0.3538.67, permitía que un atacante remoto, que hubiese comprometido el proceso renderer, pudiese escapar del sandbox mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/877874 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17470 https://bugzilla.redhat.com/show_bug.cgi?id=1640106 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-17467 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-17467
Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. La limpieza insuficientemente rápida de contenido renderizado obsoleto en la navegación en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto suplantase el contenido de Omnibox (barra de direcciones) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/844881 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17467 https://bugzilla.redhat.com/show_bug.cgi?id=1640103 • CWE-459: Incomplete Cleanup •