Page 72 of 2048 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-17477 – chromium-browser: UI spoof in Extensions

https://notcve.org/view.php?id=CVE-2018-17477

Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page. La colocación incorrecta de diálogos en Extensions en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto suplantase el contenido de los popups de extensión mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/863703 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17477 https://bugzilla.redhat.com/show_bug.cgi?id=1640115 •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-17476 – chromium-browser: Security UI occlusion in full screen mode

https://notcve.org/view.php?id=CVE-2018-17476

Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. La colocación incorrecta de diálogos en Cast UI en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto ocultase la advertencia total de pantalla mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/812769 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17476 https://bugzilla.redhat.com/show_bug.cgi?id=1640113 •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-17471 – chromium-browser: Security UI occlusion in full screen mode

https://notcve.org/view.php?id=CVE-2018-17471

Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. La colocación incorrecta de diálogos en WebContents en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto ocultase la advertencia total de pantalla mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/873080 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17471 https://bugzilla.redhat.com/show_bug.cgi?id=1640107 •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2018-17474 – chromium-browser: Use after free in Blink

https://notcve.org/view.php?id=CVE-2018-17474

Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Uso de memoria previamente liberada en HTMLImportsController en Blink en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/843151 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17474 https://bugzilla.redhat.com/show_bug.cgi?id=1640111 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2018-17465 – chromium-browser: Use after free in V8

https://notcve.org/view.php?id=CVE-2018-17465

Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. La implementación incorrecta del recorte de objetos en V8 en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto pudiese explotar una corrupción de objetos mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/870226 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17465 https://bugzilla.redhat.com/show_bug.cgi?id=1640101 • CWE-416: Use After Free •