CVSS: 8.8EPSS: 9%CPEs: 4EXPL: 1CVE-2021-38003 – Google Chromium V8 Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-38003
23 Nov 2021 — Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada de V8 en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or informatio... • https://github.com/SpiralBL0CK/Chrome-V8-RCE-CVE-2021-38003 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38002 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38002
23 Nov 2021 — Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Un uso de memoria previamente liberada en Web Transport en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto llevar a cabo un escape de sandbox por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or informa... • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 3CVE-2021-38001 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38001
23 Nov 2021 — Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. • https://github.com/Peterpan0927/TFC-Chrome-v8-bug-CVE-2021-38001-poc • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.1EPSS: 3%CPEs: 5EXPL: 0CVE-2021-38000 – Google Chromium Intents Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-38000
23 Nov 2021 — Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. La comprobación insuficiente de entradas no confiables en Intents en Google Chrome en Android versiones anteriores a 95.0.4638.69, permitía a un atacante remoto navegar arbitrariamente a una URL maliciosa por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result... • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-37999 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-37999
23 Nov 2021 — Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. Una comprobación insuficiente de datos en New Tab Page en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto inyectar scripts o HTML arbitrarios en una nueva pestaña del navegador por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result... • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-37998 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-37998
23 Nov 2021 — Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Garbage Collection en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denia... • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-37997 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-37997
23 Nov 2021 — Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Sign-In en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto que convenciera a un usuario de iniciar sesión en Chrome explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Multiple security issues were discover... • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2020-6492
https://notcve.org/view.php?id=CVE-2020-6492
02 Nov 2021 — Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Un uso de memoria previamente liberada en ANGLE en Google Chrome versiones anteriores a 83.0.4103.97, permitía a un atacante remoto llevar a cabo potencialmente un escape de sandbox por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-37996 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-37996
02 Nov 2021 — Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file. Una comprobación insuficiente de entradas no confiables en Downloads en Google Chrome versiones anteriores a 95.0.4638.54, permitían a un atacante remoto omitir las restricciones de navegación por medio de un archivo malicioso Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, de... • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-37995 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-37995
02 Nov 2021 — Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Una implementación inapropiada en WebApp Installer en Google Chrome versiones anteriores a 95.0.4638.54, permitía a un atacante remoto superponer y falsificar el contenido de la Omnibox (barra de URL) por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which cou... • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html •