chromium-browser: Same origin policy bypass in ServiceWorker
Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
chromium-browser: Same origin policy bypass in WebAudio
Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
chromium-browser: Same origin policy bypass in ServiceWorker
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
FreeBSD : chromium -- multiple vulnerabilities (b9c525d9-9198-11e8-beba-080027ef1a23)
Google Chrome Releases reports : 42 security fixes in this release, including : - 850350 High CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-06-07 - 848914 High CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair on 2018-06-01 -...
openSUSE Security Update : Chromium (openSUSE-2018-780)
This update for Chromium to version 68.0.3440.75 fixes multiple issues. Security issues fixed boo1102530 : - CVE-2018-6153: Stack-based buffer overflow in Skia - CVE-2018-6154: Heap buffer overflow in WebGL - CVE-2018-6155: Use after free in WebRTC - CVE-2018-6156: Heap buffer overflow in WebRTC ...
Security update for Chromium (important)
This update for Chromium to version 68.0.3440.75 fixes multiple issues. Security issues fixed boo1102530: - CVE-2018-6153: Stack buffer overflow in Skia - CVE-2018-6154: Heap buffer overflow in WebGL - CVE-2018-6155: Use after free in WebRTC - CVE-2018-6156: Heap buffer overflow in WebRTC -...
[SECURITY] [DSA 4256-1] chromium-browser security update
Debian Security Advisory DSA-4256-1 [email protected] https://www.debian.org/security/ Michael Gilbert July 26, 2018 https://www.debian.org/security/faq -...
CVE-2018-4117
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It...
CVE-2018-6161
Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
Google Chrome Blink CORS Bypass Vulnerability
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout and rendering engine jointly developed by Google Inc. and Opera Software of Norway. A security vulnerability exists in Blink in Google Chrome versions prior to 68.0.3440.75. The vulnerability can be exploited by ...
Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2018-17046)
Google Chrome is a web browser developed by the American company Google. A same-origin policy bypass vulnerability exists in ServiceWorker in Google Chrome. An attacker can exploit the vulnerability to bypass security restrictions and perform unauthorized operations...
Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2018-17048)
Google Chrome is a web browser developed by the American company Google. A same-origin policy bypass vulnerability exists in WebAudio in Google Chrome. An attacker can exploit the vulnerability to bypass security restrictions and perform unauthorized operations...
Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2018-17051)
Google Chrome is a web browser developed by the American company Google. A same-origin policy bypass vulnerability exists in ServiceWorker in Google Chrome. An attacker can exploit the vulnerability to bypass security restrictions and perform unauthorized operations...
Google Chrome extension installation privilege bypass vulnerability
Google Chrome is a web browser developed by Google, Inc. Extension installation is one of its plug-in installation programs. A security vulnerability exists in extension installation in Google Chrome versions prior to 68.0.3440.75. A remote attacker can exploit this vulnerability to bypass the...
Debian: Security Advisory (DSA-4256-1)
The remote host is missing an update for the Debian...
Mozilla: CSRF attacks through 307 redirects and NPAPI plugins
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird 60,...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 68 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 68.0.3440.75 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 42 security fixes in this release, including: 850350 High CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-06-07 848914 High CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair on 2018-06-01 842265 Hig...
Shopify: Preview bar: Incomplete message origin validation results in XSS
The JavaScript code at https://cdn.shopify.com/s/assets/storefront/bars/previewbarinjector-73a4756a265c637c998799750759ae548e7f68b136e8e93e83132904afc3d30d.js loaded by the shop front when a theme is previewed installs a message event listener. The following check is used to reject invalid event...