CVSS: 8.8EPSS: 4%CPEs: 9EXPL: 0CVE-2017-5121 – chromium-browser: out-of-bounds access in v8
https://notcve.org/view.php?id=CVE-2017-5121
25 Sep 2017 — Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. El uso inapropiado de la optimización JIT en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.100 para Linux, Windows y Mac, permitía que un atacante remoto ejecutase código arbitrario en un espacio aislado o sandbox mediante una página HTML manipulada. Est... • http://www.debian.org/security/2017/dsa-3985 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2017-5122 – chromium-browser: out-of-bounds access in v8
https://notcve.org/view.php?id=CVE-2017-5122
25 Sep 2017 — Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. El uso incorrecto de la manipulación de tamaños de tabla en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.100 para Windows, permitía que un atacante remoto desencadenase un acceso fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Ch... • http://www.debian.org/security/2017/dsa-3985 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-5120 – chromium-browser: potential https downgrade during redirect navigation
https://notcve.org/view.php?id=CVE-2017-5120
12 Sep 2017 — Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in... • http://www.debian.org/security/2017/dsa-3985 •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5111 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2017-5111
12 Sep 2017 — A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. Un uso de memoria previamente liberada en PDFium en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Linux, Windows y Mac, permitía que un atacante remoto pudiese explotar una corrupción de memoria mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades ... • http://www.debian.org/security/2017/dsa-3985 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-5117 – chromium-browser: use of uninitialized value in skia
https://notcve.org/view.php?id=CVE-2017-5117
12 Sep 2017 — Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. El uso de un valor no inicializado en Skia en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Linux y Windows, permitía que un atacante remoto pudiese obtener información sensible de la memoria de procesos mediante una página HTML manipulada. Chromium is an open-source web browser, p... • http://www.debian.org/security/2017/dsa-3985 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 0CVE-2017-5113 – chromium-browser: heap buffer overflow in skia
https://notcve.org/view.php?id=CVE-2017-5113
12 Sep 2017 — Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento aritmético en Skia en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto pudiese explotar una corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an... • http://www.debian.org/security/2017/dsa-3985 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-5118 – chromium-browser: bypass of content security policy in blink
https://notcve.org/view.php?id=CVE-2017-5118
12 Sep 2017 — Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. Blink en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, Windows y Linux y a la 61.0.3163.81 para Android, no propagaba correctamente las restricciones CSP para páginas de temas JavaScript, lo que permitía que un atacante r... • http://www.debian.org/security/2017/dsa-3985 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2017-5114 – chromium-browser: memory lifecycle issue in pdfium
https://notcve.org/view.php?id=CVE-2017-5114
12 Sep 2017 — Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. El uso incorrecto de asignaciones de particiones en PDFium en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Linux, Windows y Mac y a la 61.0.3163.81 para Android, permitía que un atacante remoto pudiese explotar una corrupción de memoria mediante un archivo PD... • http://www.debian.org/security/2017/dsa-3985 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 14%CPEs: 11EXPL: 0CVE-2017-5116 – chromium-browser: type confusion in v8
https://notcve.org/view.php?id=CVE-2017-5116
12 Sep 2017 — Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, Windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto ejecutase código arbitrario dentro de un espacio aislado o sandbox mediante una página HTML manipulada. Chromium is an... • http://www.debian.org/security/2017/dsa-3985 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 27%CPEs: 2EXPL: 0CVE-2017-5112 – chromium-browser: heap buffer overflow in webgl
https://notcve.org/view.php?id=CVE-2017-5112
12 Sep 2017 — Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Un desbordamiento de búfer basado en memoria dinámica (heap) en WebGL en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Windows, permitía que un atacante remoto ejecutase código arbitrario en un espacio aislado o sandbox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This ... • http://www.debian.org/security/2017/dsa-3985 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •