CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3156
https://notcve.org/view.php?id=CVE-2024-3156
Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) La implementación inapropiada en V8 en Google Chrome anterior a 123.0.6312.105 permitió a un atacante remoto realizar potencialmente un acceso a la memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/329130358 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3158
https://notcve.org/view.php?id=CVE-2024-3158
Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Bookmarks de Google Chrome anterior a 123.0.6312.105 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/329965696 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3159 – Google Chrome V8 Enum Cache Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-3159
Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) El acceso a memoria fuera de los límites en V8 en Google Chrome anterior a 123.0.6312.105 permitía a un atacante remoto realizar lectura/escritura arbitraria a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the enum cache in V8. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/330760873 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2631
https://notcve.org/view.php?id=CVE-2024-2631
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) La implementación inapropiada en iOS en Google Chrome anterior a 123.0.6312.58 permitió a un atacante remoto realizar una suplantación de interfaz de usuario a través de una página HTML manipulada. (Severidad de seguridad de Chrome: baja) • https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html https://issues.chromium.org/issues/41495878 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2024-2630
https://notcve.org/view.php?id=CVE-2024-2630
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) La implementación inadecuada en iOS en Google Chrome anterior a 123.0.6312.58 permitió a un atacante remoto filtrar datos de orígenes cruzados a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) • https://github.com/Roud-Roud-Agency/CVE-2024-26304-RCE-exploits https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html https://issues.chromium.org/issues/41481877 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •