CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5214 – chromium-browser: file download protection bypass
https://notcve.org/view.php?id=CVE-2016-5214
05 Dec 2016 — Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page. Google Chrome anterior a 55.0.2883.75 para Windows no maneja adecuadamente archivos descargados, lo que permitió a un atacante remoto impedir que el archivo descargado recibiera la Mark de la Web a través de una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgra... • http://rhn.redhat.com/errata/RHSA-2016-2919.html • CWE-19: Data Processing Errors •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5222 – chromium-browser: address spoofing in omnibox
https://notcve.org/view.php?id=CVE-2016-5222
05 Dec 2016 — Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Manejo incorrecto de URLs no válidas en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto suplantar los contenidos de la Omnibox (barra de URL) a través de una página HTML manipulada. Multiple vulnerabilities we... • http://rhn.redhat.com/errata/RHSA-2016-2919.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5203 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2016-5203
05 Dec 2016 — A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Un uso después de liberación de memoria en PDFium en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto explotar potencialmente una corrupción de memoria a través de un archivo PDF manipulado. Chromium is an open-source web brows... • http://rhn.redhat.com/errata/RHSA-2016-2919.html • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5226 – chromium-browser: limited xss in blink
https://notcve.org/view.php?id=CVE-2016-5226
05 Dec 2016 — Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. Blink en Google Chrome anterior a 55.0.2883.75 para Linux, Windows y Mac ejecutó javascript: las URLs escritas en la barra de URL en el contexto de la pestaña actual, lo que permitió a un usuario de ingeniería social realizar XSS por si... • http://rhn.redhat.com/errata/RHSA-2016-2919.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5207 – chromium-browser: universal xss in blink
https://notcve.org/view.php?id=CVE-2016-5207
05 Dec 2016 — In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page. En Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android, la corrupción del árbol DOM puede ocurrir durante la eliminación de un elemento de pantalla completa, lo que permitió a un a... • http://rhn.redhat.com/errata/RHSA-2016-2919.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5201 – chromium-browser: info leak in extensions
https://notcve.org/view.php?id=CVE-2016-5201
15 Nov 2016 — A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page. Un fuga de privateClass en la API de extensiones en Google Chrome anterior a 54.0.2840.100 para Linux y 54.0.2840.99 para Windows y 54.0.2840.98 para Mac permitió a un atacante remoto acceder a código JavaScript privilegiado a través de una página HTML manipulada. Chromium... • http://rhn.redhat.com/errata/RHSA-2016-2718.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5202 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-5202
15 Nov 2016 — browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. El archivo browser/extensions/api/dial/dial_registry.cc en Google Chrome versiones anteriores a 54.0.2840.98 en macOS, versiones anteriores a 54.0.2840.99 en Windows y versiones anteriores a 54.0.2840.100 en Linux... • http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00029.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5199 – chromium-browser: heap corruption in ffmpeg
https://notcve.org/view.php?id=CVE-2016-5199
15 Nov 2016 — An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Un error por un paso resultando en una asignación de tamaño cero en FFmpeg en Google Chrome anterior a 54.0.2840.98 para Mac y 54.0.2840.99 para Windows y 54.0.2840.100 para Linux y 55.0.2883.84 para Android permiti... • http://rhn.redhat.com/errata/RHSA-2016-2718.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5200 – chromium-browser: out of bounds memory access in v8
https://notcve.org/view.php?id=CVE-2016-5200
15 Nov 2016 — V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. V8 en Google Chrome anterior a 54.0.2840.98 para Mac y 54.0.2840.99 para Windows y 54.0.2840.100 para Linux y 55.0.2883.84 para Android aplica incorrectamente reglas de tipo, lo que permite a atacantes remotos explotar potencialmente una corrupc... • http://rhn.redhat.com/errata/RHSA-2016-2718.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 64%CPEs: 10EXPL: 1CVE-2016-5198 – Google Chromium V8 Out-of-Bounds Memory Vulnerability
https://notcve.org/view.php?id=CVE-2016-5198
08 Nov 2016 — V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page. V8 en Google Chrome anterior a 54.0.2840.90 para Linux y 54.0.2840.85 para Android y 54.0.2840.87 para Windows y Mac incluyeron asunciones de optimización incorrectas, lo que permitió a un atacante remoto realizar opera... • http://rhn.redhat.com/errata/RHSA-2016-2672.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •