
123 matches found

OSV
added 2019/12/06 6:15 p.m. · 2 views

CVE-2019-18671

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attacke...

CVSS 9.8 · AI score 6.1 · EPSS 0.05931
Exploits 0 · References 4

Prion
added 2019/12/06 6:15 p.m. · 13 views

Design/Logic Flaw

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...

CVSS 5 · AI score 7.4 · EPSS 0.00477
Exploits 0 · References 4 · Affected Software 1

Prion
added 2019/12/06 6:15 p.m. · 13 views

Design/Logic Flaw

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attacke...

CVSS 10 · AI score 9.6 · EPSS 0.05931
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2019/12/06 5:54 p.m. · 19 views

CVE-2019-18672

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...

AI score 7.4 · EPSS 0.00477
Exploits 0 · References 4

CVE
added 2019/12/06 5:54 p.m. · 110 views

CVE-2019-18672

The affected product is the ShapeShift KeepKey hardware wallet. The issue stems from insufficient checks in the device’s finite state machine prior to firmware 6.2.2, which allows a partial reset of cryptographic secrets to known values via crafted messages. This vulnerability can compromise U2F ...

CVSS 7.5 · AI score 7.4 · EPSS 0.00477
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2019/12/06 5:53 p.m. · 15 views

CVE-2019-18671

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attacke...

AI score 9.7 · EPSS 0.05931
Exploits 0 · References 4

CVE
added 2019/12/06 5:53 p.m. · 123 views

CVE-2019-18671

CVE-2019-18671 affects the ShapeShift KeepKey hardware wallet. Insufficient checks in USB packet handling allow out-of-bounds writes in the .bss segment on firmware up to 6.2.1, with potential code execution or other impact. The issue can be triggered by unauthenticated users and is reachable via...

CVSS 10 · AI score 9.6 · EPSS 0.05931
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2019/12/06 12:0 a.m. · 3 views

PT-2019-15571 · Shapeshift · Keepkey

Name of the Vulnerable Software and Affected Versions: ShapeShift KeepKey hardware wallet versions prior to 6.2.2 Description: The issue is related to insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet. This allows a partial reset of cryptographic secrets to...

CVSS 7.5 · AI score 7.4 · EPSS 0.00477
Exploits 0 · References 6

BDU FSTEC
added 2019/12/03 12:0 a.m. · 2 views

The vulnerability in the implementation of the WebUSB protocol of Google Chrome allows a perpetrator to circumvent security restrictions.

The vulnerability of the WebUSB protocol implementation in Google Chrome is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...

CVSS 10 · AI score 7.1 · EPSS 0.00296
Exploits 0 · References 7 · Affected Software 2

BDU FSTEC
added 2019/08/13 12:0 a.m. · 2 views

The vulnerability of the WebUSB protocol implementation in Google Chrome web browsers allows a perpetrator to execute arbitrary code.

The vulnerability of the WebUSB protocol implementation in Google Chrome’s web browser is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...

CVSS 6.8 · AI score 8.3
Exploits 0 · References 4 · Affected Software 2

CNVD
added 2019/08/02 12:0 a.m. · 1 views

Google Chrome Memory Misreference Vulnerability (CNVD-2019-26395)

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in WebUSB Windows in versions prior to Google Chrome 76.0.3809.87. An attacker can exploit this vulnerability by tricking a user into visiting a specially crafted website to execute arbitra...

AI score 8.9
Exploits 0 · References 1

Tenable Nessus
added 2019/03/27 12:0 a.m. · 40 views

openSUSE Security Update : Chromium (openSUSE-2019-548)

This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163 : - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...

CVSS 9.6 · AI score 8 · EPSS 0.26653
Exploits 3 · References 32

Tenable Nessus
added 2018/07/26 12:0 a.m. · 43 views

openSUSE Security Update : Chromium (openSUSE-2018-759)

This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163 : - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...

CVSS 9.6 · AI score 8 · EPSS 0.26653
Exploits 3 · References 32

OPENSUSE Linux
added 2018/07/25 3:9 p.m. · 97 views

Security update for Chromium (important)

This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163: - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...

AI score 1.2 · EPSS 0.26653
Exploits 3 · References 6

OPENSUSE Linux
added 2018/07/25 3:8 p.m. · 86 views

Security update for Chromium (important)

This update for Chromium to version 67.0.3396.99 fixes multiple issues. Security issues fixed bsc1095163: - CVE-2018-6123: Use after free in Blink - CVE-2018-6124: Type confusion in Blink - CVE-2018-6125: Overly permissive policy in WebUSB - CVE-2018-6126: Heap buffer overflow in Skia -...

AI score 1.2 · EPSS 0.26653
Exploits 3 · References 6

Tenable Nessus
added 2018/07/02 12:0 a.m. · 47 views

Debian DSA-4237-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-6118 Ned Williamson discovered a use-after-free issue. - CVE-2018-6120 Zhou Aiting discovered a buffer overflow issue in the pdfium library. - CVE-2018-6121 It was discovered that malicious extensions could...

CVSS 9.6 · AI score 8.2 · EPSS 0.26653
Exploits 3 · References 61

Debian
added 2018/07/01 1:0 a.m. · 68 views

[SECURITY] [DSA 4237-1] chromium-browser security update

Debian Security Advisory DSA-4237-1 [email protected] https://www.debian.org/security/ Michael Gilbert June 30, 2018 https://www.debian.org/security/faq -...

CVSS 9.6 · AI score 9.5 · EPSS 0.26653
Exploits 3

CNVD
added 2018/06/06 12:0 a.m. · 5 views

Google Chrome WebUSB Security Bypass Vulnerability

Google Chrome is a web browser developed by Google, Inc. WebUSB is a component that supports browser access to USB devices. A security vulnerability exists in WebUSB in versions of Google Chrome prior to 67.0.3396.62. A remote attacker can exploit this vulnerability by tricking a user into visiti...

CVSS 6.5 · AI score 7.3 · EPSS 0.00296
Exploits 0 · References 1

OPENSUSE Linux
added 2018/06/01 3:7 a.m. · 98 views

Security update for chromium (important)

This update for chromium to version 66.0.3359.181 fixes the following issues: The following security issues were fixed boo1095163: CVE-2018-6123: Use after free in Blink. CVE-2018-6124: Type confusion in Blink. CVE-2018-6125: Overly permissive policy in WebUSB. CVE-2018-6126: Heap buffer overflow...

AI score 1.6 · EPSS 0.26653
Exploits 3 · References 1

ThreatPost
added 2018/05/30 3:32 p.m. · 33 views

Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes

Google updated its Chrome browser to version 67.0.3396.62 on Tuesday patching 34 bugs and adding support for the credential management API called WebAuthn. The update will be available in the coming days for Windows, Mac and Linux platforms, Google said. Most notably to the browser update are...

CVSS 6.8 · AI score 8.9 · EPSS 0.26653
Exploits 3 · References 8