Google Chrome < 64.0.3282.140 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 64.0.3282.140. It is, therefore, affected by a vulnerability as referenced in the 201802stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the...

Google Chrome < 64.0.3282.140 Vulnerability

The version of Google Chrome installed on the remote macOS host is prior to 64.0.3282.140. It is, therefore, affected by a vulnerability as referenced in the 201802stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the...

CVE-2017-5132

Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka incorrect WebAssembly stack manipulation...

CVE-2017-15392

Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration...

chromium-browser: integer underflow in webassembly

Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page...

Important: Red Hat Security Advisory: chromium-browser security update

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVE-2018-5093

A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox 58...

Google Chrome V8 Engine and Digia Qt QtWebEngineCore Denial of Service Vulnerability

Google Chrome is a web browser developed by Google Google.V8 is a set of open source JavaScript engine.Digia Qt is a cross-platform C++ application development framework from Digia Finland. The framework can be used to develop GUI programs. QtWebEngineCore is one of the Web engine core. A denial ...

Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CNVD-2018-00530)

Microsoft Windows 10 and Windows Server 2016 are both products of Microsoft Corporation USA. The former is an operating system for personal computers and the latter is a server operating system.Edge is one of the default browsers that comes with the system.scripting engine is one of the JavaScrip...

Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2018-00528)

Microsoft Windows 10 and Windows Server 2016 are both products of Microsoft Corporation USA. The former is an operating system for personal computers and the latter is a server operating system.Edge is one of the default browsers that comes with the system.scripting engine is one of the JavaScrip...

Microsoft Browser Scripting Engine Memory Corruption (CVE-2018-0762)

A Type Confusion vulnerability exists in Microsoft Browsers. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. Successful exploitation of this vulnerability can achieve Remote Code Execution...

Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0777)

A remote code execution vulnerability has been reported in Microsoft Edge. The vulnerability is due to an Out-of-Bounds write in the JavaScript engine. A remote attacker can exploit this issue by enticing a victim to open a specially crafted web page that could cause memory corruption in a way th...

Speculative execution side-channel attack ("Spectre") — Mozilla

Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that code on a malicious web pag...

mozilla -- Speculative execution side-channel attack

Mozilla Foundation reports: Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated that...

The vulnerability in the JavaScript V8 engine of Google Chrome’s browser allows a hacker to execute read-out operations beyond the memory limit.

The vulnerability in the JavaScript V8 engine of Google Chrome browsers exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to perform out-of-memory reading through a specially crafted HTML page...

The vulnerability in the JavaScript V8 engine of Google Chrome’s browser allows a hacker to execute arbitrary code.

The vulnerability in the JavaScript V8 engine of Google Chrome’s Google Chrome browser is related to deficiencies in access control during the processing of the Array.prototype.indexOf method. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in a “sandbox”...

The vulnerability in the JavaScript V8 engine of Google Chrome’s browser allows a hacker to gain access to memory areas beyond the boundaries of the application.

The vulnerability of the V8 component in Google Chrome browser is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to gain access to memory areas beyond the boundaries of the application, through a specially crafted HTML page...

GHSA-VX5C-87QX-CV6C Arbitrary Code Execution in mathjs

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. Recommendation Update to version 3.17.0 or later...

Arbitrary Code Execution in mathjs

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. Recommendation Update to version 3.17.0 or later...

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11889)

A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...