CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5191 – chromium-browser: universal xss in bookmarks
https://notcve.org/view.php?id=CVE-2016-5191
18 Oct 2016 — Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL. El manejo de etiquetas en Google Chrome en versiones previas a 54.0.2840.59 para Windows, Mac y Linux; 54.0.2840.85 para Android tien... • http://rhn.redhat.com/errata/RHSA-2016-2067.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5192 – chromium-browser: cross-origin bypass in blink
https://notcve.org/view.php?id=CVE-2016-5192
18 Oct 2016 — Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. Blink en Google Chrome en versiones previas a 54.0.2840.59 para Windows falla una comprobación CORS en redirect en TextTrackLoader, lo que permite a un atacante remoto eludir restricciones de origen cruzado a través de páginas HTML manipuladas. • http://rhn.redhat.com/errata/RHSA-2016-2067.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5187 – chromium-browser: url spoofing
https://notcve.org/view.php?id=CVE-2016-5187
18 Oct 2016 — Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. Google Chrome en versiones previas a 54.0.2840.85 para Android maneja incorrectamente transición rápida de entrada y salida del modo de pantalla completa, lo que permite a un atacante remoto suplantar los contenidos de la Omnibox (barra de URL) a través de páginas HTML manipuladas. • http://rhn.redhat.com/errata/RHSA-2016-2067.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5194 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-5194
18 Oct 2016 — Unspecified vulnerabilities in Google Chrome before 54.0.2840.59. Vulnerabilidades no especificadas en Google Chrome versiones anteriores a la versión 54.0.2840.59. • https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4900
https://notcve.org/view.php?id=CVE-2005-4900
14 Oct 2016 — SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is not, by itself, a technology recommendation. SHA-1 no es resistente a la colisión, lo que facilita a atacantes dependientes del contexto llevar a cabo ataques de espionaje, como es demostrado por ataques en el uso d... • http://ia.cr/2007/474 • CWE-326: Inadequate Encryption Strength •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-5178 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-5178
05 Oct 2016 — Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 53.0.2785.143 permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos • http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2016-5177 – chromium-browser: use after free in v8
https://notcve.org/view.php?id=CVE-2016-5177
05 Oct 2016 — Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de linberación en V8 en Google Chrome anterior a la versión 53.0.2785.143, permite a atacantes remotos provocar una denegación de servicio (bloqueo) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5176 – chromium-browser: SafeBrowsing protection mechanism bypass
https://notcve.org/view.php?id=CVE-2016-5176
29 Sep 2016 — Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. Google Chrome en versiones anteriores a 53.0.2785.113 permite a atacantes remotos eludir el mecanismo de protección SafeBrowsing a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2016-1905.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-7549 – chromium-browser: DoS via invalid recipient of IPC message
https://notcve.org/view.php?id=CVE-2016-7549
25 Sep 2016 — Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message. Google Chrome en versiones anteriores a 53.0.2785.113 no asegura... • http://rhn.redhat.com/errata/RHSA-2016-1905.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5170 – chromium-browser: use after free in blink
https://notcve.org/view.php?id=CVE-2016-5170
16 Sep 2016 — WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls. WebKit/Source/bendengs/modules/v8/V8BendengForModules.cpp en Blink, como se usa en Google Chrome en versiones anteriores a 53.0.2785.113, no consid... • http://rhn.redhat.com/errata/RHSA-2016-1905.html • CWE-416: Use After Free •