CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5069 – chromium-browser: cross-origin bypass in blink
https://notcve.org/view.php?id=CVE-2017-5069
25 Apr 2017 — Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page. Un tipo MIME incorrecto de informes XSS-Protection en Blink en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Linux, Windows y Mac y a la 58.0.3029.83 para Android, permitía que un atacante remoto sortease las comprobaciones Cross-Origin Reso... • http://www.securityfocus.com/bid/97939 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-5058 – chromium-browser: heap use after free in print preview
https://notcve.org/view.php?id=CVE-2017-5058
25 Apr 2017 — A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Un uso de memoria previamente liberada en PrintPreview en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Windows, permitía que un atacante remoto pudiese realizar un acceso a la memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update ... • http://www.securityfocus.com/bid/97939 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5057 – chromium-browser: type confusion in pdfium
https://notcve.org/view.php?id=CVE-2017-5057
25 Apr 2017 — Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. Verificaciones insuficientes de consistencia en la manipulación de firmas en la pila de red en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Mac, Windows y Linux y a la 58.0.3029.83 para Android, permitían que un atacante remoto aceptase un certificado X.509 mal formado mediante una... • http://www.securityfocus.com/bid/97939 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-5065 – chromium-browser: incorrect ui in blink
https://notcve.org/view.php?id=CVE-2017-5065
25 Apr 2017 — Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page. La falta de una acción adecuada en la navegación de páginas en Blink en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Windows y Mac, permitía que un atacante remoto pudiese confundir a un usuario para que realizase una decisión en materia de seguridad inc... • http://www.securityfocus.com/bid/97939 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5060 – chromium-browser: url spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5060
25 Apr 2017 — Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. La falta de mecanismos suficientes para el cumplimiento de políticas en Omnibox en Google Chrome en versiones anteriores a la 58.0.3029.81 para Mac, Windows y Linux y a la 58.0.3029.83 para Android, permitía que un atacante remoto realizase una suplantación de dominio medi... • http://www.securityfocus.com/bid/97939 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5168
https://notcve.org/view.php?id=CVE-2016-5168
21 Apr 2017 — Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information. Skia, tal como se usa en Google Chrome en versiones anteriores a 50.0.2661.94, permite a atacantes remotos eludir la Same Origin Policy y obtener la información sensible. • http://www.securityfocus.com/bid/89106 • CWE-346: Origin Validation Error •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5056 – chromium-browser: use after free in blink
https://notcve.org/view.php?id=CVE-2017-5056
31 Mar 2017 — A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en Blink en Google Chrome, en versiones anteriores a la 57.0.2987.133 para Linux, Windows y Mac y a la 57.0.2987.132 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. Chromi... • http://www.securityfocus.com/bid/97220 • CWE-416: Use After Free •
CVSS: 9.6EPSS: 48%CPEs: 9EXPL: 0CVE-2017-5053 – Google Chrome Array indexOf Out-Of-Bounds Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5053
31 Mar 2017 — An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf. Una lectura fuera de límites en V8 en Google Chrome, en versiones anteriores a la 57.0.2987.133 para Linux, Windows y Mac y a la 57.0.2987.132 para Android, permitía que un atacante remoto ejecutase código arbitrario en un espacio aislado o sandbox media... • http://www.securityfocus.com/bid/97220 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5052 – chromium-browser: bad cast in blink
https://notcve.org/view.php?id=CVE-2017-5052
31 Mar 2017 — An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting. Una hipótesis incorrecta sobre la estructura en bloques en Blink en Google Chrome, en versiones anteriores a la 57.0.2987.133 para Mac, Windows y Linux y a la versión 57.0.2987.132 para Android, permitía que un atacante remoto pudiese... • http://www.securityfocus.com/bid/97220 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5054 – chromium-browser: heap buffer overflow in v8
https://notcve.org/view.php?id=CVE-2017-5054
31 Mar 2017 — An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page. Una lectura fuera de límites en V8 en Google Chrome, en versiones anteriores a la 57.0.2987.133 para Linux, Windows y Mac y a la 57.0.2987.132 para Android, permitía que un atacante remoto obtenga el contenido de la memoria dinámica (heap) mediante una página HTML manipulada. Chromium is an open-sourc... • http://www.securityfocus.com/bid/97220 • CWE-125: Out-of-bounds Read •