CVSS: 9.6EPSS: 1%CPEs: 1EXPL: 0CVE-2012-5376
https://notcve.org/view.php?id=CVE-2012-5376
The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112. La implementación de Inter-process Communication (IPC) en Google Chrome anteriores a v22.0.1229.94 permite a atacantes remotos evitar las restricciones del entorno de ejecución seguro "sandbox" establecidos y escribir en ficheros aprovechando el acceso a procesos de renderizado, es una vulnerabilidad distinta a CVE-2012-5112. • http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html http://code.google.com/p/chromium/issues/detail?id=154983 http://code.google.com/p/chromium/issues/detail?id=154987 http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html http://osvdb.org/86156 http://secunia.com/advisories/50954 https://exchange.xforce.ibmcloud.com/vulnerabilities/79186 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15156 • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 102EXPL: 0CVE-2012-3697
https://notcve.org/view.php?id=CVE-2012-3697
WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise. • http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html http://support.apple.com/kb/HT5400 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3084
https://notcve.org/view.php?id=CVE-2011-3084
Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page. Google Chrome anterior a v19.0.1084.46 no utiliza un proceso exclusivo para la carga de los enlaces que se encuentran en una página interna, permitiendo así que un atacante eluda las restricciones de la sandbox a través de una página diseñada. • http://code.google.com/p/chromium/issues/detail?id=113496 http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00009.html http://security.gentoo.org/glsa/glsa-201205-03.xml http://www.securityfocus.com/bid/53540 http://www.securitytracker.com/id?1027067 https://exchange.xforce.ibmcloud.com/vulnerabilities/75589 https://oval.cisecurity. • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3080
https://notcve.org/view.php?id=CVE-2011-3080
Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors. Condición de carrera en la comunicación entre procesos (IPC), la aplicación en Google Chrome anterior a v18.0.1025.168 permite a los atacantes eludir restricciones de la "sandbox" a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=121726 http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html http://osvdb.org/81646 http://secunia.com/advisories/48992 http://www.securityfocus.com/bid/53309 http://www.securitytracker.com/id?1027001 https://exchange.xforce.ibmcloud.com/vulnerabilities/75272 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15623 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2012-1846
https://notcve.org/view.php?id=CVE-2012-1846
Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. ... Google Chrome v17.0.963.66 y anteriores permite a atacantes remotos eludir el mecanismo de protección de sandbox, aprovechando el acceso a un proceso securizado, tal y como lo demuestró VUPEN durante una competición Pwn2Own en CanSecWest 2012. • http://pwn2own.zerodayinitiative.com/status.html http://twitter.com/vupen/statuses/177576000761237505 http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588 https://exchange.xforce.ibmcloud.com/vulnerabilities/74324 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14940 • CWE-668: Exposure of Resource to Wrong Sphere •