CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-5101 – chromium-browser: url spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5101
31 Jul 2017 — Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. Una implementación incorrecta en Omnibox en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Linux, Windows y Mac, permitía que un atacante remoto suplantase el contenido de Omnibox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chrom... • http://www.debian.org/security/2017/dsa-3926 •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5093 – chromium-browser: ui spoofing in blink
https://notcve.org/view.php?id=CVE-2017-5093
31 Jul 2017 — Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. Una implementación incorrecta en la manipulación de diálogos modal en Blink en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto evitase que se mostrase una advertencia en pantalla completa med... • http://www.debian.org/security/2017/dsa-3926 • CWE-20: Improper Input Validation CWE-223: Omission of Security-relevant Information •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5094 – chromium-browser: type confusion in extensions
https://notcve.org/view.php?id=CVE-2017-5094
31 Jul 2017 — Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page. Una confusión de tipos en extensions JavaScript bindings en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto pudiese modificar objetos con fines maliciosos mediante una página HTML manipulada. Chromium is an open-sourc... • http://www.debian.org/security/2017/dsa-3926 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-5097 – chromium-browser: out-of-bounds read in skia
https://notcve.org/view.php?id=CVE-2017-5097
31 Jul 2017 — Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Una validación insuficiente de entradas no fiables en Skia en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Linux, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update ... • http://www.debian.org/security/2017/dsa-3926 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5096 – chromium-browser: user information leak via android intents
https://notcve.org/view.php?id=CVE-2017-5096
31 Jul 2017 — Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents. La falta de mecanismos suficientes para el cumplimiento de políticas durante la navegación entre diferentes temas en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Android, permitía que un atacante remoto realizase una descarga de cross origin content median... • http://www.securityfocus.com/bid/99950 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2017-5108 – chromium-browser: type confusion in pdfium
https://notcve.org/view.php?id=CVE-2017-5108
31 Jul 2017 — Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file. Una confusión de tipos en PDFium en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto pudiese modificar objetos con fines maliciosos mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgr... • http://www.debian.org/security/2017/dsa-3926 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 0CVE-2017-5100 – chromium-browser: use after free in chrome apps
https://notcve.org/view.php?id=CVE-2017-5100
31 Jul 2017 — A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en Apps en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Windows, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 60.0.... • http://www.debian.org/security/2017/dsa-3926 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5105 – chromium-browser: url spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5105
31 Jul 2017 — Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. La falta de mecanismos suficientes para el cumplimiento de políticas en Omnibox en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto realizase una suplantación de dominio mediante homografías de IDN en un nombre de domin... • http://www.debian.org/security/2017/dsa-3926 • CWE-20: Improper Input Validation •
CVSS: 9.6EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5087 – chromium-browser: sandbox escape in indexeddb
https://notcve.org/view.php?id=CVE-2017-5087
19 Jun 2017 — A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape. Un uso de memoria previamente liberada en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.104 para Mac, Windows y Linux y a la 59.0.3071.117 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante u... • http://www.debian.org/security/2017/dsa-3926 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5088 – chromium-browser: out of bounds read in v8
https://notcve.org/view.php?id=CVE-2017-5088
19 Jun 2017 — Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Una validación insuficiente de entradas no fiables en V8 en Google Chrome, en versiones anteriores a la 59.0.3071.104 para Mac, Windows y Linux y a la 59.0.3071.117 para Android, permitía que un atacante remoto realizase un acceso a la memoria fuera de límites mediante una... • http://www.debian.org/security/2017/dsa-3926 • CWE-125: Out-of-bounds Read •