CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-5118 – chromium-browser: bypass of content security policy in blink
https://notcve.org/view.php?id=CVE-2017-5118
12 Sep 2017 — Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. Blink en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, Windows y Linux y a la 61.0.3163.81 para Android, no propagaba correctamente las restricciones CSP para páginas de temas JavaScript, lo que permitía que un atacante r... • http://www.debian.org/security/2017/dsa-3985 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2017-5119 – chromium-browser: use of uninitialized value in skia
https://notcve.org/view.php?id=CVE-2017-5119
12 Sep 2017 — Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. El uso de un valor no inicializado en Skia en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, Windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto pudiese obtener información sensible de la memoria de procesos med... • http://www.debian.org/security/2017/dsa-3985 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-5120 – chromium-browser: potential https downgrade during redirect navigation
https://notcve.org/view.php?id=CVE-2017-5120
12 Sep 2017 — Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in... • http://www.debian.org/security/2017/dsa-3985 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10403 – Google Chrome PDFium JPEG Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-10403
23 Aug 2017 — Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. La validación de datos insuficiente en image data en PDFium en Google Chrome, en versiones anteriores a la 51.0.2704.63, permitió que un atacante remoto realizara una lectura de memoria fuera de límites mediante un archivo PDF manipulado. This vulnerability allows an attacker to leak sensitive information on vulnerable installat... • https://chromereleases.googleblog.com/2016/05/stable-channel-update_25.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 0CVE-2017-5100 – chromium-browser: use after free in chrome apps
https://notcve.org/view.php?id=CVE-2017-5100
31 Jul 2017 — A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en Apps en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Windows, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 60.0.... • http://www.debian.org/security/2017/dsa-3926 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-5101 – chromium-browser: url spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5101
31 Jul 2017 — Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. Una implementación incorrecta en Omnibox en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Linux, Windows y Mac, permitía que un atacante remoto suplantase el contenido de Omnibox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chrom... • http://www.debian.org/security/2017/dsa-3926 •
CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5102 – chromium-browser: uninitialized use in skia
https://notcve.org/view.php?id=CVE-2017-5102
31 Jul 2017 — Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. El uso de un valor no inicializado en Skia en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto obtuviese información sensible de la memoria de procesos mediante una página HTML manipulada. Chromium is an ope... • http://www.debian.org/security/2017/dsa-3926 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2017-5103 – chromium-browser: uninitialized use in skia
https://notcve.org/view.php?id=CVE-2017-5103
31 Jul 2017 — Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. El uso de un valor no inicializado en Skia en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Linux, Windows y Mac, permitía que un atacante remoto obtuviese información sensible de la memoria de procesos mediante una página HTML manipulada. Chromium is an open-source web brows... • http://www.debian.org/security/2017/dsa-3926 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-5104 – chromium-browser: ui spoofing in browser
https://notcve.org/view.php?id=CVE-2017-5104
31 Jul 2017 — Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page. Una implementación incorrecta en interstitials en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, permitía que un atacante remoto suplantase el contenido de Omnibox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 60.0.3112.... • http://www.debian.org/security/2017/dsa-3926 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5105 – chromium-browser: url spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5105
31 Jul 2017 — Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. La falta de mecanismos suficientes para el cumplimiento de políticas en Omnibox en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto realizase una suplantación de dominio mediante homografías de IDN en un nombre de domin... • http://www.debian.org/security/2017/dsa-3926 • CWE-20: Improper Input Validation •