Google Chrome 安全漏洞

Google Chromium is an open source web browser from Google USA. A security vulnerability previously existed in Google Chromium version 90.0.4430.212. The vulnerability stems from a type obfuscation security issue found in the V8 component of the program. No details of the vulnerability are provide...

Foxit Reader FileAttachment annotation use-after-free vulnerability

Summary A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into openi...

DEBIAN-CVE-2021-21231

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2021-21231

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2021-21225

Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2021-21225

Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2021-21222

Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page...

CVE-2021-29947

Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 88...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A type obfuscation vulnerability exists in V8 in versions of Google Chrome prior to 90.0.4430.93. A remote attacker can exploit the vulnerability by leveraging heap corruption via specially crafted HTML pages...

CVE-2021-23997

Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox 88...

CVE-2021-24002

When a user clicked on an FTP URL containing encoded newline characters %0A and %0D, the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

Chrome Zero-Day Exploit Posted on Twitter

A researcher has dropped working exploit code for a zero-day remote code execution RCE vulnerability on Twitter, which he said affects the current versions of Google Chrome and potentially other browsers, like Microsoft Edge, that use the Chromium framework. Security researcher Rajvardhan Agarwal...

Chrome V8 JavaScript Engine Remote Code Execution

/ BSD 2-Clause License Copyright c 2021, rajvardhan agarwal All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice,...

DEBIAN-CVE-2021-21195

Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Google Chrome 资源管理错误漏洞

Chrome is a simple and efficiently designed web browsing tool developed by Google. A post-release reuse vulnerability exists in V8 in versions prior to Google Chrome 89.0.4389.114. A programmed attacker can exploit this vulnerability to cause heap damage via a crafted HTML page...

Node.js: Unexpected input validation of octal literals in nodejs v15.12.0 and below returns defined values for all undefined octal literals.

Summary: Unexpected input validation of octal literals in the nodejs implementation of V8 JavaScript engine V8 9.0.257.13 and below returns defined values for all undefined octal literals where otherwise should return undefined. Input data 08, 09... 078, 079 should return undefined, as evinced by...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine, related to writing beyond the buffer limit, allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to gain access to sensitive data, compromise its integrity, and cause service failures...

JerryScript suffers from a denial of service vulnerability (CNVD-2021-26018)

JerryScript is a lightweight JavaScript engine . A denial of service vulnerability exists in JerryScript, which can be exploited by an attacker to cause a denial of service...

JerryScript suffers from a denial of service vulnerability (CNVD-2021-25997)

JerryScript is a lightweight JavaScript engine . A denial of service vulnerability exists in JerryScript, which can be exploited by an attacker to cause a denial of service...

JerryScript suffers from a denial of service vulnerability (CNVD-2021-25996)

JerryScript is a lightweight JavaScript engine . A denial of service vulnerability exists in JerryScript, which can be exploited by an attacker to cause a denial of service...