#CVE-2018-5176: JSON Viewer script injection.#CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies.#CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update.#CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters.#CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer.#CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages.#CVE-2018-5168: Lightweight themes can be installed without user interaction.#CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger.#CVE-2018-5166: WebExtension host permission bypass through filterReponseData. #CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace.#CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache.#CVE-2018-5153: Out-of-bounds read in mixed content websocket messages.#CVE-2018-5152: WebExtensions information leak through webRequest API.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |