Type confusion in V8 in Google Chrome prior to. 159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Use after free in Printing in Google Chrome prior to. 159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Use after free in Extensions API in Google Chrome prior to. 159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. Use after free in WebRTC in Google Chrome prior to. 159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.ĭata race in WebAudio in Google Chrome prior to. Use after free in ANGLE in Google Chrome prior to. Successful exploitation depends on the browser used by a potential victim (e.g., exploitation can occur with Firefox but not Chrome). AaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host).
