CVSS: 9.6EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5087 – chromium-browser: sandbox escape in indexeddb
https://notcve.org/view.php?id=CVE-2017-5087
19 Jun 2017 — A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape. Un uso de memoria previamente liberada en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.104 para Mac, Windows y Linux y a la 59.0.3071.117 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante u... • http://www.debian.org/security/2017/dsa-3926 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5088 – chromium-browser: out of bounds read in v8
https://notcve.org/view.php?id=CVE-2017-5088
19 Jun 2017 — Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Una validación insuficiente de entradas no fiables en V8 en Google Chrome, en versiones anteriores a la 59.0.3071.104 para Mac, Windows y Linux y a la 59.0.3071.117 para Android, permitía que un atacante remoto realizase un acceso a la memoria fuera de límites mediante una... • http://www.debian.org/security/2017/dsa-3926 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1207
https://notcve.org/view.php?id=CVE-2015-1207
06 Jun 2017 — Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. Vulnerabilidad Double-free en libavformat/mov.c en FFMPEG en Google Chrome versión 41.0.2251.0, que permitiría a atacantes remotos causar una denegación de servicio (corrupción de memoria y parada) a través de un fichero .m4a file manipulado. • https://bugs.chromium.org/p/chromium/issues/detail?id=444539 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5082 – chromium-browser: insufficient hardening in credit card editor
https://notcve.org/view.php?id=CVE-2017-5082
06 Jun 2017 — Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page. Un fallo a la hora de aprovechar las mitigaciones disponibles en el autocompletado de tarjeta de crédito en Google Chrome, en versiones anteriores a la 59.0.3071.92 para Android, permitía que un atacante local realizase capturas de pantalla de linformación de tarjetas de crédito mediante... • http://www.securityfocus.com/bid/98861 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5077 – chromium-browser: heap buffer overflow in skia
https://notcve.org/view.php?id=CVE-2017-5077
06 Jun 2017 — Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Validación insuficiente de entradas no fiables en Skia en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Linux, Windows y Mac y a la 59.0.3071.92 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una pá... • http://www.securityfocus.com/bid/98861 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-5080 – chromium-browser: use after free in credit card autofill
https://notcve.org/view.php?id=CVE-2017-5080
06 Jun 2017 — A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en el autocompletado de tarjeta de crédito en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Linux y Windows, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web brows... • http://www.securityfocus.com/bid/98861 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-5074 – chromium-browser: use after free in apps bluetooth
https://notcve.org/view.php?id=CVE-2017-5074
06 Jun 2017 — A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, related to Bluetooth. Un uso de memoria previamente liberada en Chrome Apps en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Windows, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. Esto está relacionado con Bluetooth. Chromium is an open-source web b... • http://www.securityfocus.com/bid/98861 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5083 – chromium-browser: ui spoofing in blink
https://notcve.org/view.php?id=CVE-2017-5083
06 Jun 2017 — Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. Una implementación incorrecta en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Mac, Windows y Linux y a la 59.0.3071.92 para Android, permitía que un atacante remoto mostrase la interfaz de usuario en una pestaña no controlada por el atacante mediante u... • http://www.securityfocus.com/bid/98861 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2017-5078 – chromium-browser: possible command injection in mailto handling
https://notcve.org/view.php?id=CVE-2017-5078
06 Jun 2017 — Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument. Validación insuficiente de entradas no fiables en la manipulación de mailto: de Blink en Google ... • http://www.securityfocus.com/bid/98861 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5075 – chromium-browser: information leak in csp reporting
https://notcve.org/view.php?id=CVE-2017-5075
06 Jun 2017 — Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page. Una implementación inapropiada en la creación de informes de CSP en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Linux, Windows y Mac y a la 59.0.3071.92 para Android, permitía que un atacante remoto obtuviese el valor de fragmentos de URL media... • http://www.securityfocus.com/bid/98861 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •