2108 matches found
Out-of-bounds
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit"...
CVE-2018-4222
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit"...
CVE-2018-4222
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit"...
UBUNTU-CVE-2018-4222
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit"...
WebKit - WebAssembly Compilation Info Leak
WebKit - WebAssembly Compilation Info Leak arrayBufferView-vector : staticcastarrayBuffer-impl-data; If the source buffer is a view DataView or TypedArray, arrayBufferView-vector is returned. The vector method returns the start of the data in the buffer, including any offset. However, the functio...
Google Chrome - Integer Overflow when Processing WebAssembly Locals
Google Chrome - Integer Overflow when Processing WebAssembly Locals / When v8 decodes the locals of a function, it performs a check: if count + typelist-size kV8MaxWasmFunctionLocals decoder-errordecoder-pc - 1, "local count too large"; return false; On a 32-bit platform, this check can be bypass...
WebKit: Info leak in WebAssembly Compilation(CVE-2018-4222)
There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. When a source buffer is compiled, it is first copied into a read-only buffer by the functuion getWasmBufferFromValue. This function returns the code buffer as follows: return arrayBufferView ?...
Google Chrome: Integer Overflow when Processing WebAssembly Locals(CVE-2018-6092)
When v8 decodes the locals of a function, it performs a check: if count + typelist-size kV8MaxWasmFunctionLocals decoder-errordecoder-pc - 1, "local count too large"; return false; On a 32-bit platform, this check can be bypassed due to an integer overflow. This allows the number of function loca...
CVE-2018-4222
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit"...
WebKit - WebAssembly Compilation Info Leak
arrayBufferView-vector : staticcastarrayBuffer-impl-data; If the source buffer is a view DataView or TypedArray, arrayBufferView-vector is returned. The vector method returns the start of the data in the buffer, including any offset. However, the function createSourceBufferFromValue copies the...
Google Chrome - Integer Overflow when Processing WebAssembly Locals
/ When v8 decodes the locals of a function, it performs a check: if count + typelist-size kV8MaxWasmFunctionLocals decoder-errordecoder-pc - 1, "local count too large"; return false; On a 32-bit platform, this check can be bypassed due to an integer overflow. This allows the number of function...
chromium-browser: Incorrect mutability protection in WebAssembly
Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Google Chrome WebAssembly Incorrect Mutability Protection Vulnerability
Google Chrome is a web browser developed by Google, and WebAssembly is a sandboxed execution environment. A security vulnerability exists in WebAssembly in versions of Google Chrome prior to 67.0.3396.62. A remote attacker can exploit the vulnerability with the help of a specially crafted website...
CVE-2016-10587
wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...
CVE-2016-10587
wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...
Remote code execution
wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...
CVE-2016-10587
The CVE-2016-10587 issue affects the wasdk toolkit for creating WebAssembly modules, where binary resources are downloaded over unencrypted HTTP. This plaintext transmission enables a man-in-the-middle to swap the requested binary with a malicious one, potentially causing remote code execution on...
Security update for chromium (important)
This update for chromium to version 66.0.3359.181 fixes the following issues: The following security issues were fixed boo1095163: CVE-2018-6123: Use after free in Blink. CVE-2018-6124: Type confusion in Blink. CVE-2018-6125: Overly permissive policy in WebUSB. CVE-2018-6126: Heap buffer overflow...
Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes
Google updated its Chrome browser to version 67.0.3396.62 on Tuesday patching 34 bugs and adding support for the credential management API called WebAuthn. The update will be available in the coming days for Windows, Mac and Linux platforms, Google said. Most notably to the browser update are...
CVE-2018-6131
Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...