CVE-2024-3843
https://notcve.org/view.php?id=CVE-2024-3843
Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) La validación de datos insuficiente en Descargas en Google Chrome anterior a 124.0.6367.60 permitió a un atacante remoto realizar una suplantación de la interfaz de usuario a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html https://issues.chromium.org/issues/41486690 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ https://lists.fedoraproject.org/archives/list/ • CWE-290: Authentication Bypass by Spoofing •
CVE-2024-3841
https://notcve.org/view.php?id=CVE-2024-3841
Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium) La validación de datos insuficiente en Browser Switcher en Google Chrome anterior a 124.0.6367.60 permitió a un atacante remoto inyectar scripts o HTML en una página privilegiada a través de un archivo malicioso. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html https://issues.chromium.org/issues/330376742 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ https://lists.fedoraproject.org/archives/list • CWE-20: Improper Input Validation •
CVE-2024-3840
https://notcve.org/view.php?id=CVE-2024-3840
Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) La aplicación insuficiente de políticas en Site Isolation en Google Chrome antes de 124.0.6367.60 permitió a un atacante remoto eludir las restricciones de navegación a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html https://issues.chromium.org/issues/41493458 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ https://lists.fedoraproject.org/archives/list/ • CWE-285: Improper Authorization •
CVE-2024-3839
https://notcve.org/view.php?id=CVE-2024-3839
Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) La lectura fuera de los límites en fuentes en Google Chrome anterior a 124.0.6367.60 permitía a un atacante remoto obtener información potencialmente confidencial de la memoria del proceso a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) • https://github.com/vin01/poc-cve-2024-38396 https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html https://issues.chromium.org/issues/41491859 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3P • CWE-125: Out-of-bounds Read •
CVE-2024-3838
https://notcve.org/view.php?id=CVE-2024-3838
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium) La implementación inadecuada de Autocompletar en Google Chrome anterior a 124.0.6367.60 permitió que un atacante convenciera a un usuario de instalar una aplicación maliciosa para realizar una suplantación de la interfaz de usuario a través de una aplicación manipulada. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html https://issues.chromium.org/issues/328278717 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO • CWE-358: Improperly Implemented Security Check for Standard •