CVE-2018-6159

CVE-2018-6159 affects Google Chrome/Chromium via an information-disclosure vulnerability in ServiceWorker caused by insufficient policy enforcement, allowing a crafted HTML page to access potentially sensitive data from process memory. Public references (including Debian security advisories) indi...

CVE-2018-6150

CVE-2018-6150 is a Chrome/ServiceWorker information-disclosure flaw triggered by incorrect Cross-Origin Resource Sharing handling in Chrome’s Service Worker. Affected product: Google Chrome (pre-66.0.3359.117). Impact: potential leakage of cross-origin data via a crafted page. Root cause: imprope...

CVE-2018-6159

Removed by vendor...

CVE-2018-6150

Removed by vendor...

Google Chrome ServiceWorker Resource Management Error Vulnerability

Google Chrome is a web browser from Google, and ServiceWorker is one of the backend messaging components. A resource management error vulnerability exists in ServiceWorker in versions of Google Chrome prior to 75.0.3770.80. The vulnerability stems from the mismanagement of system resources e.g.,...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 75 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 75.0.3770.80 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...

chromium-browser: CORS bypass in Blink

Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

CVE-2019-5811

Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

CVE-2019-5779

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

DEBIAN-CVE-2019-5779

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

CVE-2019-5779

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

CVE-2019-5779

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

Design/Logic Flaw

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

CVE-2019-5779

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

CVE-2019-5779

CVE-2019-5779: In Google Chrome, the ServiceWorker implementation suffered from insufficient policy validation, allowing a remote attacker to bypass navigation restrictions via a crafted HTML page. Affected software is Chrome prior to 72.0.3626.81 and the issue is fixed in later builds. The descr...

CVE-2019-5779

Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

[SECURITY] [DSA 4395-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4395-1 [email protected] https://www.debian.org/security/ Michael Gilbert February 18, 2019 https://www.debian.org/security/faq -...

Debian DSA-4395-1 : chromium - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-17481 A use-after-free issue was discovered in the pdfium library. - CVE-2019-5754 Klzgrad discovered an error in the QUIC networking implementation. - CVE-2019-5755 Jay Bosamiya discovered an implementation erro...

openSUSE Security Update : chromium (openSUSE-2019-205)

This update for Chromium to version 72.0.3626.96 fixes the following issues : Security issues fixed bsc1123641 and bsc1124936 : - CVE-2019-5784: Inappropriate implementation in V8 - CVE-2019-5754: Inappropriate implementation in QUIC Networking. - CVE-2019-5782: Inappropriate implementation in V8...

openSUSE Security Update : chromium (openSUSE-2019-204)

This update for Chromium to version 72.0.3626.96 fixes the following issues : Security issues fixed bsc1123641 and bsc1124936 : - CVE-2019-5784: Inappropriate implementation in V8 - CVE-2019-5754: Inappropriate implementation in QUIC Networking. - CVE-2019-5782: Inappropriate implementation in V8...