Page 96 of 3216 results (0.017 seconds)

CVSS: 6.5EPSS: 11%CPEs: 5EXPL: 1

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. Una comprobación insuficiente de entradas no confiables en Intents en Google Chrome en Android versiones anteriores a 104.0.5112.101, permitía a un atacante remoto navegar arbitrariamente a un sitio web malicioso por medio de una página HTML diseñada. Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1345630 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. Una implementación inapropiada de Extensions API en Google Chrome versiones anteriores a 104.0.5112.101, permitía a un atacante que convenciera a un usuario de instalar una extensión maliciosa inyectar scripts arbitrarios en la Interfaz de Usuario Web por medio de una página HTML manipulada. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1346236 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en ANGLE en Google Chrome versiones anteriores a 104.0.5112.101, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1345042 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. Un desbordamiento del búfer de la pila en PDF en Google Chrome versiones anteriores a 104.0.5112.79, permitía que un atacante remoto que convenciera a un usuario de realizar determinadas interacciones con él pudiera aprovechar la corrupción de la pila por medio de un archivo PDF diseñado. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1339745 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE https://security.gentoo.org/glsa/202208-35 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. Un uso de la memoria previamente liberada en Offline en Google Chrome en Android versiones anteriores a 104.0.5112.79, permitía a un atacante remoto que convencía a un usuario de participar en interacciones de usuario específicas para explotar potencialmente la corrupción de la pila por medio de interacciones de Interfaz de Usuario específicas. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1337798 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE https://security.gentoo.org/glsa/202208-35 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •