CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5083 – chromium-browser: ui spoofing in blink
https://notcve.org/view.php?id=CVE-2017-5083
06 Jun 2017 — Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. Una implementación incorrecta en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Mac, Windows y Linux y a la 59.0.3071.92 para Android, permitía que un atacante remoto mostrase la interfaz de usuario en una pestaña no controlada por el atacante mediante u... • http://www.securityfocus.com/bid/98861 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2017-5078 – chromium-browser: possible command injection in mailto handling
https://notcve.org/view.php?id=CVE-2017-5078
06 Jun 2017 — Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument. Validación insuficiente de entradas no fiables en la manipulación de mailto: de Blink en Google ... • http://www.securityfocus.com/bid/98861 •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2017-5081 – chromium-browser: extension verification bypass
https://notcve.org/view.php?id=CVE-2017-5081
06 Jun 2017 — Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files. Una falta de verificación de la carpeta locale de una extensión en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Mac, Windows y Linux y a la 59.0.3071.92 para Android, permitía que un atacante con acceso de escritura local modificase extensiones medi... • http://www.securityfocus.com/bid/98861 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5075 – chromium-browser: information leak in csp reporting
https://notcve.org/view.php?id=CVE-2017-5075
06 Jun 2017 — Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page. Una implementación inapropiada en la creación de informes de CSP en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Linux, Windows y Mac y a la 59.0.3071.92 para Android, permitía que un atacante remoto obtuviese el valor de fragmentos de URL media... • http://www.securityfocus.com/bid/98861 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5071 – chromium-browser: out of bounds read in v8
https://notcve.org/view.php?id=CVE-2017-5071
06 Jun 2017 — Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Una validación insuficiente de entradas no fiables en V8 en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Linux, Windows y Mac y a la 59.0.3071.92 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una pági... • http://www.securityfocus.com/bid/98861 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5079 – chromium-browser: ui spoofing in blink
https://notcve.org/view.php?id=CVE-2017-5079
06 Jun 2017 — Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. Una implementación inapropiada en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Mac, Windows y Linux y a la 59.0.3071.92 para Android, permitía que un atacante remoto mostrase la interfaz de usuario en una pestaña no controlada por el atacante mediante ... • http://www.securityfocus.com/bid/98861 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5073 – chromium-browser: use after free in print preview
https://notcve.org/view.php?id=CVE-2017-5073
06 Jun 2017 — Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en la vista previa de impresión en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Linux, Windows y Mac y a la 59.0.3071.92 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites ... • http://www.securityfocus.com/bid/98861 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5077 – chromium-browser: heap buffer overflow in skia
https://notcve.org/view.php?id=CVE-2017-5077
06 Jun 2017 — Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Validación insuficiente de entradas no fiables en Skia en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Linux, Windows y Mac y a la 59.0.3071.92 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una pá... • http://www.securityfocus.com/bid/98861 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-5074 – chromium-browser: use after free in apps bluetooth
https://notcve.org/view.php?id=CVE-2017-5074
06 Jun 2017 — A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, related to Bluetooth. Un uso de memoria previamente liberada en Chrome Apps en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Windows, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. Esto está relacionado con Bluetooth. • http://www.securityfocus.com/bid/98861 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 82%CPEs: 9EXPL: 1CVE-2017-5070 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2017-5070
06 Jun 2017 — Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Linux, Windows y Mac y a la 59.0.3071.92 para Android, permitía que un atacante remoto ejecutase código arbitrario dentro de un espacio aislado o sandbox mediante una página HTML manipulada. Google Chromiu... • http://www.securityfocus.com/bid/98861 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •