CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-5151 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2016-5151
11 Sep 2016 — PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp. PDFium en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux no maneja adecuadamente los temporizadores,... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5164 – chromium-browser: universal xss using devtools
https://notcve.org/view.php?id=CVE-2016-5164
11 Sep 2016 — Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)." Vulnerabilidad de XSS en WebKit/Source/platform/v8_inspector/V8Debugger.cpp en Blink, tal como se utiliza en Google Chrome en versiones anterio... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-5152 – chromium-browser: heap overflow in pdfium
https://notcve.org/view.php?id=CVE-2016-5152
11 Sep 2016 — Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. Desbordamiento de entero en la función opj_tcd_get_decoded_tile_size en tcd.c en OpenJPEG, tal como se utiliza en PDFium en Google Chrome en versiones anteriores a 53... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5163 – chromium-browser: address bar spoofing
https://notcve.org/view.php?id=CVE-2016-5163
11 Sep 2016 — The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android. La implementación de texto bidireccional en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-7395
https://notcve.org/view.php?id=CVE-2016-7395
11 Sep 2016 — SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via crafted graphics data. SkPath.cpp en Skia, tal como se utiliza en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0... • http://www.debian.org/security/2016/dsa-3667 • CWE-19: Data Processing Errors •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2016-5149 – chromium-browser: script injection in extensions
https://notcve.org/view.php?id=CVE-2016-5149
11 Sep 2016 — The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL. El subsistema de extensiones en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux confía en una UR... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 0CVE-2016-5157 – chromium-browser: heap overflow in pdfium
https://notcve.org/view.php?id=CVE-2016-5157
11 Sep 2016 — Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data. Desbordamiento de búfer basado en memoria dinámica en la función opj_dwt_interleave_v en dwt.c en OpenJPEG, tal como se utiliza en PDFium en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en v... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5165 – chromium-browser: script injection in devtools
https://notcve.org/view.php?id=CVE-2016-5165
11 Sep 2016 — Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string. Vulnerabilidad de XSS en el subsistema Developer Tools (también conocido como DevTools) en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones ante... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2016-5150 – chromium-browser: use after free in blink
https://notcve.org/view.php?id=CVE-2016-5150
11 Sep 2016 — WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects. WebKit/Source/bindings/modules/v8/V8BindingForModu... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2016-5153 – chromium-browser: use after destruction in blink
https://notcve.org/view.php?id=CVE-2016-5153
11 Sep 2016 — The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site. La implementación de Web Animations en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-19: Data Processing Errors •