CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38017 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38017
23 Dec 2021 — Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Una aplicación inapropiada de políticas en iframe sandbox en Google Chrome versiones anteriores a 96.0.4664.45, permitía a un atacante remoto omitir las restricciones de navegación por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of ... • https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38016 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38016
23 Dec 2021 — Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Una aplicación insuficiente de la política en background fetch en Google Chrome versiones anteriores a 96.0.4664.45, permitía a un atacante remoto omitir la política del mismo origen por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of s... • https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38015 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38015
23 Dec 2021 — Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Una implementación inapropiada en input en Google Chrome versiones anteriores a 96.0.4664.45, permitía a un atacante que convencía a un usuario de instalar una extensión maliciosa omitir las restricciones de navegación por medio de una extensión de Chrome diseñada Multiple security issues were ... • https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38014 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38014
23 Dec 2021 — Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una escritura fuera de límites en Swiftshader en Google Chrome versiones anteriores a 96.0.4664.45, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or ... • https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 1CVE-2021-38013 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38013
23 Dec 2021 — Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page. Un desbordamiento del búfer de la pila en fingerprint recognition en Google Chrome en ChromeOS versiones anteriores a 96.0.4664.45, permitía a un atacante remoto que hubiera comprometido un proceso de renderización de la WebUI llevar a cabo potencialmente un filtrado de sandbo... • https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38012 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38012
23 Dec 2021 — Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en V8 en Google Chrome versiones anteriores a 96.0.4664.45, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. • https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38011 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38011
23 Dec 2021 — Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en storage foundation en Google Chrome versiones anteriores a 96.0.4664.45, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, deni... • https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38009 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38009
23 Dec 2021 — Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una implementación inapropiada en la caché en Google Chrome versiones anteriores a 96.0.4664.45, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. • https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html • CWE-203: Observable Discrepancy •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1CVE-2021-38008 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38008
23 Dec 2021 — Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en media en Google Chrome versiones anteriores a 96.0.4664.45, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or informati... • https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38007 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38007
23 Dec 2021 — Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en V8 en Google Chrome versiones anteriores a 96.0.4664.45, permitía a un atacante remoto aprovechar una corrupción de la pila por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. • https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •