CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5200 – chromium-browser: out of bounds memory access in v8
https://notcve.org/view.php?id=CVE-2016-5200
15 Nov 2016 — V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. V8 en Google Chrome anterior a 54.0.2840.98 para Mac y 54.0.2840.99 para Windows y 54.0.2840.100 para Linux y 55.0.2883.84 para Android aplica incorrectamente reglas de tipo, lo que permite a atacantes remotos explotar potencialmente una corrupc... • http://rhn.redhat.com/errata/RHSA-2016-2718.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5199 – chromium-browser: heap corruption in ffmpeg
https://notcve.org/view.php?id=CVE-2016-5199
15 Nov 2016 — An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Un error por un paso resultando en una asignación de tamaño cero en FFmpeg en Google Chrome anterior a 54.0.2840.98 para Mac y 54.0.2840.99 para Windows y 54.0.2840.100 para Linux y 55.0.2883.84 para Android permiti... • http://rhn.redhat.com/errata/RHSA-2016-2718.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5201 – chromium-browser: info leak in extensions
https://notcve.org/view.php?id=CVE-2016-5201
15 Nov 2016 — A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page. Un fuga de privateClass en la API de extensiones en Google Chrome anterior a 54.0.2840.100 para Linux y 54.0.2840.99 para Windows y 54.0.2840.98 para Mac permitió a un atacante remoto acceder a código JavaScript privilegiado a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2718.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5202 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-5202
15 Nov 2016 — browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. El archivo browser/extensions/api/dial/dial_registry.cc en Google Chrome versiones anteriores a 54.0.2840.98 en macOS, versiones anteriores a 54.0.2840.99 en Windows y versiones anteriores a 54.0.2840.100 en Linux... • http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00029.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 64%CPEs: 10EXPL: 1CVE-2016-5198 – Google Chromium V8 Out-of-Bounds Memory Vulnerability
https://notcve.org/view.php?id=CVE-2016-5198
08 Nov 2016 — V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page. V8 en Google Chrome anterior a 54.0.2840.90 para Linux y 54.0.2840.85 para Android y 54.0.2840.87 para Windows y Mac incluyeron asunciones de optimización incorrectas, lo que permitió a un atacante remoto realizar opera... • http://rhn.redhat.com/errata/RHSA-2016-2672.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5182 – chromium-browser: heap overflow in blink
https://notcve.org/view.php?id=CVE-2016-5182
18 Oct 2016 — Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages. Blink en Google Chrome en versiones previas a 54.0.2840.59 para Windows, Mac y Linux; 54.0.2840.85 para Android tiene una validación insuficiente en el manejo de bitmap, lo que permite a un atacante remoto explotar potencialmente una corrupción de memoria a través de pá... • http://rhn.redhat.com/errata/RHSA-2016-2067.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5184 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2016-5184
18 Oct 2016 — PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files. PDFium en Google Chrome en versiones previas a 54.0.2840.59 para Windows, Mac y Linux; 54.0.2840.85 para Android maneja incorrectamente los ciclos de vida de objetos en CFFL_FormFillter::KillFocusForAnnot, lo que permite a un atacante remot... • http://rhn.redhat.com/errata/RHSA-2016-2067.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5189 – chromium-browser: url spoofing
https://notcve.org/view.php?id=CVE-2016-5189
18 Oct 2016 — Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. Google Chrome en versiones previas a 54.0.2840.59 para Windows, Mac y Linux; 54.0.2840.85 para Android permite la navegación para borrar URLs con orígenes irregulares, lo que permite a un atacante remoto suplantar contenidos de la Omnibox (barra de URL) a t... • http://rhn.redhat.com/errata/RHSA-2016-2067.html • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5191 – chromium-browser: universal xss in bookmarks
https://notcve.org/view.php?id=CVE-2016-5191
18 Oct 2016 — Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL. El manejo de etiquetas en Google Chrome en versiones previas a 54.0.2840.59 para Windows, Mac y Linux; 54.0.2840.85 para Android tien... • http://rhn.redhat.com/errata/RHSA-2016-2067.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5192 – chromium-browser: cross-origin bypass in blink
https://notcve.org/view.php?id=CVE-2016-5192
18 Oct 2016 — Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. Blink en Google Chrome en versiones previas a 54.0.2840.59 para Windows falla una comprobación CORS en redirect en TextTrackLoader, lo que permite a un atacante remoto eludir restricciones de origen cruzado a través de páginas HTML manipuladas. • http://rhn.redhat.com/errata/RHSA-2016-2067.html • CWE-284: Improper Access Control •