
CVSS: 8.8 | EPSS: 1% | CPEs: 9 | EXPL: 0

A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

• http://www.securityfocus.com/bid/97939
• http://www.securitytracker.com/id/1038317
• https://access.redhat.com/errata/RHSA-2017:1124
• https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
• https://crbug.com/700836
• https://security.gentoo.org/glsa/201705-02
• https://access.redhat.com/security/cve/CVE-2017-5063
• https://bugzilla.redhat.com/show_bug.cgi?id=1443841
• CWE-190: Integer Overflow or Wraparound

CVSS: 6.5 | EPSS: 0% | CPEs: 9 | EXPL: 0

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

• http://www.securityfocus.com/bid/97939
• http://www.securitytracker.com/id/1038317
• https://access.redhat.com/errata/RHSA-2017:1124
• https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
• https://crbug.com/683314
• https://security.gentoo.org/glsa/201705-02
• https://access.redhat.com/security/cve/CVE-2017-5060
• https://bugzilla.redhat.com/show_bug.cgi?id=1443838
• CWE-863: Incorrect Authorization

CVSS: 6.5 | EPSS: 0% | CPEs: 9 | EXPL: 0

Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page.

• http://www.securityfocus.com/bid/97939
• http://www.securitytracker.com/id/1038317
• https://access.redhat.com/errata/RHSA-2017:1124
• https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
• https://crbug.com/690821
• https://security.gentoo.org/glsa/201705-02
• https://access.redhat.com/security/cve/CVE-2017-5066
• https://bugzilla.redhat.com/show_bug.cgi?id=1443848
• CWE-347: Improper Verification of Cryptographic Signature

CVSS: 6.5 | EPSS: 0% | CPEs: 7 | EXPL: 0

An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

• http://www.securityfocus.com/bid/97939
• http://www.securitytracker.com/id/1038317
• https://access.redhat.com/errata/RHSA-2017:1124
• https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
• https://crbug.com/648117
• https://security.gentoo.org/glsa/201705-02
• https://access.redhat.com/security/cve/CVE-2017-5067
• https://bugzilla.redhat.com/show_bug.cgi?id=1443849
• CWE-20: Improper Input Validation

CVSS: 6.1 | EPSS: 0% | CPEs: 9 | EXPL: 0

Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page.

• http://www.securityfocus.com/bid/97939
• http://www.securitytracker.com/id/1038317
• https://access.redhat.com/errata/RHSA-2017:1124
• https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
• https://crbug.com/691726
• https://security.gentoo.org/glsa/201705-02
• https://access.redhat.com/security/cve/CVE-2017-5069
• https://bugzilla.redhat.com/show_bug.cgi?id=1443850
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')