65 matches found
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser from Google Inc. in the United States. A security vulnerability exists in Google Chrome version 104 and prior versions, which stems from a memory reuse after release issue. An attacker could exploit this vulnerability to maliciously construct web content that could...
DEBIAN-CVE-2020-16021
Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to perform OS-level privilege escalation via a malicious file...
CVE-2020-16020
Inappropriate implementation in cryptohome in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass discretionary access control via a malicious file...
CVE-2020-15722
In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system...
Google Chrome < M72 - PaymentRequest Service Use-After-Free Exploit
Google Chrome M72 - PaymentRequest Service Use-After-Free Exploit There are several object-lifetime issues in the browser process in the implementation of payments.mojom.PaymentRequest. The PaymentRequest object contains a std::uniqueptr to a PaymentRequestSpec, which is initialised during the ca...
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...
Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost
Google Chrome M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost There's an object-lifetime issue in the browser process in the handling of P2PSocketDispatcherHost binding in parallel with OnBloatedRenderer event handling. In RenderProcessHostImpl, we have a uniquep...
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger this by closing the browser while running the attached poc; I'm not sure if there's a...
Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...
Google Chrome < M72 - FileWriterImpl Use-After-Free
There's a use-after-free in the implementation of the FileWriter component of the mojo bindings for the filesystem API. The browser-process side of this API is defined in https://cs.chromium.org/chromium/src/thirdparty/blink/public/mojom/filesystem/filewriter.mojom?type=cs&sq=package:chromium&g=0...
Racing MIDI messages in Chrome
This is a guest blog post by Oliver Chang from the Chrome Security team. This post is about an exceptionally bad use after free bug in Chrome’s browser process that affected Linux, Chrome OS and OS X. What makes this bug interesting is the fact that it could be directly triggered from the web...
Google Chrome - Renderer Process to Browser Process Privilege Escalation
Google Chrome - Renderer Process to Browser Process Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=664 There is an overflow in the ui::PlatformCursor WebCursor::GetPlatformCursor method. In...
Chrome - open-vcdiff OOB Read in Browser Process Integer Overflow Exploit
Exploit for linux platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=513 There's an integer overflow issue in sanity checking section lengths when parsing the vcdiff format used in SDCH content encoding. This results in the parser parsing...
Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow
Source: https://code.google.com/p/google-security-research/issues/detail?id=513 There's an integer overflow issue in sanity checking section lengths when parsing the vcdiff format used in SDCH content encoding. This results in the parser parsing outside of sane memory bounds when parsing the...
HP Point of Sale OPOS Driver OPOSPOSKeyboard.ocx Open Method Buffer Overflow (CVE-2014-7891)
A buffer overflow vulnerability exists in the OPOSPOSKeyboard.ocx component of HP Point of Sale PC running with OPOS Driver. The vulnerability is due to insufficient input validation on user controller data to the Open method.A remote, unauthenticated attacker can exploit this vulnerability by...
Hewlett-Packard POS Printer Windows And OPOS Drivers OPOSMICR.ocx Open Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Printer Windows and OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...
Hewlett-Packard POS Keyboard OPOS Drivers OPOSMSR.ocx Open Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Keyboard OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
Hewlett-Packard POS Printer Windows and OPOS Drivers OPOSPOSPrinter.ocx Open Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Printer Windows and OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...
Hewlett-Packard POS Keyboard OPOS Drivers opostoneindicator.ocx Open Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard POS Keyboard OPOS Drivers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
Motorola Scanner SDK OPOSSCANNER.ocx Open Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Motorola Scanner SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...