CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-15429 – chromium-browser: uxss in v8
https://notcve.org/view.php?id=CVE-2017-15429
18 Dec 2017 — Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Implementación inadecuada en los enlaces V8 WebAssembly JS en Google Chrome en versiones anteriores a la 63.0.3239.108 permitía que un atacante remoto inyectase scripts o HTML arbitrarios (UXSS) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromiu... • http://www.securityfocus.com/bid/102196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2017-15410 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2017-15410
07 Dec 2017 — Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Uso de memoria previamente liberada en PDFium en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 63.0.3239.84. Security Fix:... • https://access.redhat.com/errata/RHSA-2017:3401 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2017-15409 – chromium-browser: out of bounds write in skia
https://notcve.org/view.php?id=CVE-2017-15409
07 Dec 2017 — Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Desbordamiento de búfer basado en memoria dinámica (heap) en Skia en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 6... • https://access.redhat.com/errata/RHSA-2017:3401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15425 – chromium-browser: url spoof in omnibox
https://notcve.org/view.php?id=CVE-2017-15425
07 Dec 2017 — Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. Una aplicación de políticas insuficiente en Omnibox en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto suplantase dominios mediante homogramas IDN en un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 63.0.3239... • https://access.redhat.com/errata/RHSA-2017:3401 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15418 – chromium-browser: use of uninitialized value in skia
https://notcve.org/view.php?id=CVE-2017-15418
07 Dec 2017 — Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Uso de memoria no inicializada en Skia en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese obtener información potencialmente sensible del la memoria del proceso mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgra... • https://access.redhat.com/errata/RHSA-2017:3401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15424 – chromium-browser: url spoof in omnibox
https://notcve.org/view.php?id=CVE-2017-15424
07 Dec 2017 — Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. Una aplicación de políticas insuficiente en Omnibox en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto suplantase dominios mediante homogramas IDN en un nombre de dominio manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 63.0.3239... • https://access.redhat.com/errata/RHSA-2017:3401 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15419 – chromium-browser: cross origin leak of redirect url in blink
https://notcve.org/view.php?id=CVE-2017-15419
07 Dec 2017 — Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. Aplicación de políticas insuficiente en Resource Timing API in Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto dedujese el historial de navegación desencadenando una URL cross-origin filtrada mediante una página HTML manipulada. Chromium is an open-source web b... • https://access.redhat.com/errata/RHSA-2017:3401 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2017-15411 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2017-15411
07 Dec 2017 — Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Uso de memoria previamente liberada en PDFium en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 63.0.3239.84. Security Fix:... • https://access.redhat.com/errata/RHSA-2017:3401 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15416 – chromium-browser: out of bounds read in blink
https://notcve.org/view.php?id=CVE-2017-15416
07 Dec 2017 — Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. Desbordamiento de búfer basado en memoria dinámica (heap) en Blob API en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. Esto también se conoce como lectura Blink fuera de límites. C... • https://access.redhat.com/errata/RHSA-2017:3401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15415 – chromium-browser: pointer information disclosure in ipc call
https://notcve.org/view.php?id=CVE-2017-15415
07 Dec 2017 — Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. Serialización incorrecta en IPC en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto filtrase el valor de un puntero mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 63.0.3239.84. Security Fix: Multiple flaws were found in the process... • https://access.redhat.com/errata/RHSA-2017:3401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •