![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5156 – chromium-browser: use after free in event bindings
https://notcve.org/view.php?id=CVE-2016-5156
11 Sep 2016 — extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. extensions/renderer/event_bindings.cc en los vínculos de eventos en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en vers... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-416: Use After Free •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5159 – openjpeg: heap overflow in parsing of JPEG2000 code blocks
https://notcve.org/view.php?id=CVE-2016-5159
11 Sep 2016 — Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c. Múltiples desbordamiento de entero en OpenJPEG, tal como se utiliza en PDFium en Google Chrome en versiones anteriores a 53.0.2785.89 en Window... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5152 – chromium-browser: heap overflow in pdfium
https://notcve.org/view.php?id=CVE-2016-5152
11 Sep 2016 — Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. Desbordamiento de entero en la función opj_tcd_get_decoded_tile_size en tcd.c en OpenJPEG, tal como se utiliza en PDFium en Google Chrome en versiones anteriores a 53... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-190: Integer Overflow or Wraparound •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5151 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2016-5151
11 Sep 2016 — PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp. PDFium en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux no maneja adecuadamente los temporizadores,... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-416: Use After Free •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5150 – chromium-browser: use after free in blink
https://notcve.org/view.php?id=CVE-2016-5150
11 Sep 2016 — WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects. WebKit/Source/bindings/modules/v8/V8BindingForModu... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-416: Use After Free •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5161 – Google Chrome StylePropertySerializer Type Confusion Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-5161
01 Sep 2016 — The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class. La función EditingStyle::mergeStyle en WebKit/Source/core/editing/EditingStyle.cpp en Blink, t... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-704: Incorrect Type Conversion or Cast •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5141 – chromium-browser: Address bar spoofing
https://notcve.org/view.php?id=CVE-2016-5141
07 Aug 2016 — Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp. Blink, como se usa en Google Chrome en versiones anteriores a 52.0.2743.116, permite a atacantes remotos suplantar la barra de direcciones a través de vectores involucrando una URL provisional para un documento inicialmente vació, relacionado con FrameLoader.cpp y ScopedPageLo... • http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5140 – chromium-browser: Heap overflow in pdfium
https://notcve.org/view.php?id=CVE-2016-5140
07 Aug 2016 — Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data. Desbordamiento de búfer basado en memoria dinámica en la función opj_j2k_read_SQcd_SQcc en j2k.c in OpenJPEG, como se usa en PDFium en Google Chrome en versiones anteriores a 52.0.2743.116, permite a atacantes remotos provocar una denegación de... • http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5144 – chromium-browser: Parameter sanitization failure in DevTools
https://notcve.org/view.php?id=CVE-2016-5144
07 Aug 2016 — The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143. El subsistema Developer Tools (también conocido como DevTools) en Blink, como se usa en Google Chrome en versiones anteriores a 52.0.2743.116, no maneja correctamente el nombre de host... • http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html • CWE-284: Improper Access Control •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5143 – chromium-browser: Parameter sanitization failure in DevTools
https://notcve.org/view.php?id=CVE-2016-5143
07 Aug 2016 — The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144. El subsistema Developer Tools (también conocido como DevTools) en Blink, como se usa en Google Chrome en versiones anteriores a 52.0.2743.116, no maneja correctamente el nombre de host... • http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html • CWE-264: Permissions, Privileges, and Access Controls •