
4446 matches found

UbuntuCve
added 2021/11/03 1:15 a.m. | 19 views

CVE-2021-38497

Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...

CVSS 6.5 | AI score 6.9 | EPSS 0.00197
Exploits: 0 | References: 5
UbuntuCve
added 2021/11/03 12:00 a.m. | 22 views

CVE-2021-38508

By displaying a form validity message in the correct location at the same time as a permission prompt such as for geolocation, the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox 94,...

CVSS 4.3 | AI score 6.8 | EPSS 0.00339
Exploits: 0 | References: 6
UbuntuCve
added 2021/11/02 11:15 p.m. | 18 views

CVE-2020-16048

Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page...

CVSS 6.5 | AI score 6.7 | EPSS 0.00195
Exploits: 0 | References: 2
OSV
added 2021/11/02 10:15 p.m. | 1 view

DEBIAN-CVE-2021-37991

Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 7.5 | AI score 7.8 | EPSS 0.01643
Exploits: 0 | References: 1
OSV
added 2021/11/02 10:15 p.m. | 1 view

DEBIAN-CVE-2021-37985

Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.2 | EPSS 0.01094
Exploits: 0 | References: 1
Ubuntu
added 2021/11/01 1:43 p.m. | 90 views

USN-5127-1: WebKitGTK vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

CVSS 8.8 | AI score 6.9 | EPSS 0.00769
Exploits: 1
BDU FSTEC
added 2021/10/29 12:00 a.m. | 2 views

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to errors in the implementation of methods and functions. Exploiting this vulnerability can allow a malicious actor to gain access to the system remotely...

CVSS 10 | AI score 7.4 | EPSS 0.04171
Exploits: 1 | References: 6 | Affected Software: 3
BDU FSTEC
added 2021/10/27 12:00 a.m. | 1 view

The vulnerability of Google Chrome’s JavaScript V8 engine, related to type conversion errors, allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability of Google Chrome’s JavaScript V8 engine is related to type conversion errors. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures through a specially created HTML page...

CVSS 8.8 | AI score 7.6 | EPSS 0.09601
Exploits: 1 | References: 7 | Affected Software: 5
CNNVD
added 2021/10/19 12:00 a.m. | 2 views

Google Chrome Resource Management Error Vulnerability

Chrome is a web browser developed by Google. A use-after-free vulnerability exists in V8 in versions of Google Chrome prior to 95.0.4638.54. An attacker could use this vulnerability to exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 5.6 | EPSS 0.01094
Exploits: 0 | References: 13
CNNVD
added 2021/10/19 12:00 a.m. | 1 view

Google Chrome Race Condition Vulnerability

Chrome is a web browser developed by Google. A race condition vulnerability exists in V8 in versions of Google Chrome prior to 95.0.4638.54. An attacker could use this vulnerability to potentially exploit heap corruption via a crafted HTML page...

CVSS 7.5 | AI score 5.6 | EPSS 0.01643
Exploits: 0 | References: 13
OSV
added 2021/10/08 10:15 p.m. | 1 view

DEBIAN-CVE-2021-37975

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.4 | EPSS 0.62981
Exploits: 0 | References: 1
OSV
added 2021/10/08 9:15 p.m. | 1 view

DEBIAN-CVE-2021-30632

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.4 | EPSS 0.83785
Exploits: 3 | References: 1
OSV
added 2021/10/08 9:15 p.m. | 0 views

UBUNTU-CVE-2021-30632

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 7.2 | EPSS 0.83785
Exploits: 3 | References: 3
ATTACKERKB
added 2021/10/08 12:00 a.m. | 61 views

CVE-2021-37975

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: gwillcox-r7 at October 02, 2021 7:38pm UTC reported: Exploitation in the wild of this bug has been noted as reported by Google ...

CVSS 8.8 | AI score 8.9 | EPSS 0.62981
In wild | Exploits: 0 | References: 11
BDU FSTEC
added 2021/10/08 12:00 a.m. | 1 view

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine arises from a heap (dynamic memory) buffer overflow. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of the protected information through a...

CVSS 9.3 | AI score 7.6 | EPSS 0.00356
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2021/10/05 12:00 a.m. | 2 views

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine, related to memory usage after deallocation, allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 | AI score 5.9
Exploits: 0 | References: 8 | Affected Software: 4
ThreatPost
added 2021/09/30 10:38 p.m. | 72 views

Google Emergency Update Fixes Two Chrome Zero Days

Google has pushed out an emergency Chrome update to fix yet another pair of zero days – the second pair this month – that are being exploited in the wild. This hoists this year’s total number of zero days found in the browser up to a dozen. “Google is aware the exploits for CVE-2021-37975 and...

CVSS 9.6 | AI score 9.3 | EPSS 0.83785
Exploits: 4 | References: 7
Snyk
added 2021/09/23 10:57 a.m. | 5 views

Remote Code Execution (RCE)

Overview: md-to-pdf is a CLI tool for converting Markdown files to PDF. Affected versions of this package are vulnerable to Remote Code Execution (RCE) because the package uses the gray-matter library to parse front matter content without disabling the JS engine. PoC: bash //Before running poc.js: $ cat...

CVSS 9.8 | AI score 7.3 | EPSS 0.19908
Exploits: 2 | References: 2
BDU FSTEC
added 2021/09/20 12:00 a.m. | 1 view

The vulnerability in the `lexer_parse_number` function of the `js-lexer.c` component of the JavaScript engine for Internet of Things applications, JerryScript, and the IoT.js platform, related to buffer overflows, allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability in the `lexer_parse_number` function of the `js-lexer.c` component of JerryScript, the JavaScript engine for the Internet of Things, and of the IoT.js platform is related to buffer overflows. Exploiting this vulnerability could allow an attacker to gain access to confidential dat...

CVSS 8.8 | AI score 7.9 | EPSS 0.00359
Exploits: 1 | References: 4 | Affected Software: 2
Malwarebytes
added 2021/09/14 4:28 p.m. | 92 views

Update now! Google Chrome fixes two in-the-wild zero-days

Google announced on Monday that it will be issuing patches for 11 high-severity vulnerabilities found in Chrome, including two that are currently being exploited in the wild. The patch, which is part of the Stable Channel Update for Chrome 93 (93.0.4577.82), will be released for Windows, Mac, and...

CVSS 6.8 | AI score 9.1 | EPSS 0.91237
Exploits: 12