Page 108 of 552 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2017-5035 – chromium-browser: incorrect security ui in omnibox

https://notcve.org/view.php?id=CVE-2017-5035

Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. En Google Chrome versiones anteriores a 57.0.2987.98 para Windows y Mac, se ocasiona una condición de carrera que podría causar que Chrome muestre información de certificado incorrecta de un sitio. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/688425 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5035 https://bugzilla.redhat.com/show_bug.cgi?id=1431036 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0

CVE-2017-5042 – chromium-browser: incorrect handling of cookies in cast

https://notcve.org/view.php?id=CVE-2017-5042

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent. Cast en Google Chrome versiones anteriores a 57.0.2987.98 para Mac, Windows y Linux y versión 57.0.2987.108 para Android envía cookies a sitios descubiertos a través de SSDP, hecho que permitiría a un atacante en el segmento de red local iniciar conexiones a URLs arbitrarias pudiendo observar en texto plano cualquier cookie enviada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/671932 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5042 https://bugzilla.redhat.com/show_bug.cgi?id=1431043 • CWE-311: Missing Encryption of Sensitive Data •

CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 0

CVE-2017-5046 – chromium-browser: information disclosure in blink

https://notcve.org/view.php?id=CVE-2017-5046

V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure. V8 de Google Chrome en versiones anteriores a 57.0.2987.98 para Mac, Windows y Linux y versión 57.0.2987.108 para Android tiene una aplicación de política insuficiente lo que permitiría a un atacante remoto falsear el objeto de ubicación a través de una página HTML especialmente diseñada. Relacionada con la revelación de información de Blink. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/680409 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5046 https://bugzilla.redhat.com/show_bug.cgi?id=1431048 •

CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0

CVE-2017-5043 – chromium-browser: use after free in guestview

https://notcve.org/view.php?id=CVE-2017-5043

Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. Chrome Apps de Google Chrome versiones anteriores a 57.0.2987.98 para Linux, Windows y Mac, debido a un fallo de uso después de liberación en GuestView, permitiría a un atacante remoto leer la memoria fuera de los límites a través de una extensión de Chrome especialmente diseñada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/683523 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5043 https://bugzilla.redhat.com/show_bug.cgi?id=1431045 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0

CVE-2017-5039 – chromium-browser: use after free in pdfium

https://notcve.org/view.php?id=CVE-2017-5039

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Un uso después de liberación en PDFium de Google Chrome versiones anteriores a 57.0.2987.98 para Mac, Windows y Linux y versión 57.0.2987.108 para Android permitiría a un usuario remoto provocar una corrupción de memoria dinámica (heap) a través de una archivo PDF especialmente diseñado. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/679649 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5039 https://bugzilla.redhat.com/show_bug.cgi?id=1431039 • CWE-416: Use After Free •