Security News

CVE-2019-5769

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Categories: Security News

CVE-2019-5770 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Categories: Security News

CVE-2019-5771

National Vulnerability Database - Tue, 02/19/2019 - 12:29
An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Categories: Security News

CVE-2019-5772 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Categories: Security News

CVE-2019-5773 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
Categories: Security News

CVE-2019-5774 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.
Categories: Security News

CVE-2019-5775 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Categories: Security News

CVE-2019-5776 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Categories: Security News

CVE-2019-5777 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Categories: Security News

CVE-2019-5778

National Vulnerability Database - Tue, 02/19/2019 - 12:29
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.
Categories: Security News

CVE-2019-5779 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Categories: Security News

CVE-2018-1996

National Vulnerability Database - Tue, 02/19/2019 - 12:29
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650.
Categories: Security News

CVE-2019-5754 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy.
Categories: Security News

CVE-2019-5755 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
Categories: Security News

CVE-2019-5756 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
Categories: Security News

CVE-2019-5757 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
Categories: Security News

CVE-2019-5758 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Categories: Security News

CVE-2019-5759 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
Categories: Security News

CVE-2019-5760 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Categories: Security News

CVE-2019-5761 (chrome)

National Vulnerability Database - Tue, 02/19/2019 - 12:29
Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Categories: Security News

Pages