![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5143 – chromium-browser: Parameter sanitization failure in DevTools
https://notcve.org/view.php?id=CVE-2016-5143
07 Aug 2016 — The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144. El subsistema Developer Tools (también conocido como DevTools) en Blink, como se usa en Google Chrome en versiones anteriores a 52.0.2743.116, no maneja correctamente el nombre de host... • http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html • CWE-264: Permissions, Privileges, and Access Controls •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5146 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-5146
07 Aug 2016 — Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 52.0.2743.116 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores no especificados. An issue was discovered in Blink involving the provisional URL for an initially empty document. An attacker cou... • http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5145 – chromium-browser: Same origin bypass for images in Blink
https://notcve.org/view.php?id=CVE-2016-5145
07 Aug 2016 — Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. Blink, como se usa en Google Chrome en versiones anteriores a 52.0.2743.116, no asegura que una propiedad contaminada se conserva después de una operación de clonado de estructura en un objeto ImageBitmap derivado de una ... • http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html • CWE-254: 7PK - Security Features •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5142 – chromium-browser: Use-after-free in Blink
https://notcve.org/view.php?id=CVE-2016-5142
07 Aug 2016 — The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp. La implementación Web Cryptography API (también conocido como WebCrypto) en Blink, como se usa en Google Chrome en versiones anteriores a 52.0.2743.116, no cop... • http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5138 – Gentoo Linux Security Advisory 201610-09
https://notcve.org/view.php?id=CVE-2016-5138
01 Aug 2016 — Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffer overflow and use-after-free) by leveraging an unrestricted multiplication. Desbordamiento de entero en la función kbasep_vinstr_attach_client en midgard/mali_kbase_vinstr.c en Google Chrome en versiones anteriores a 52.0.2743.85 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update-for-chrome-os_26.html • CWE-190: Integer Overflow or Wraparound •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5130 – chromium-browser: url spoofing
https://notcve.org/view.php?id=CVE-2016-5130
23 Jul 2016 — content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. content/renderer/history_controller.cc en Google Chrome en versiones anteriores a 52.0.2743.82 no restringe adecuadamente los múltiples usos de un método de redireccionamiento de JavaScript, lo que permite a atacantes remotos suplantar la URL mostrada a través de un sitio web manipul... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-284: Improper Access Control •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5134 – chromium-browser: url leakage via pac script
https://notcve.org/view.php?id=CVE-2016-5134
23 Jul 2016 — net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763. net/proxy/proxy_service.cc en la funcionalidad Proxy Auto-Config (PAC) en Google Chrome en versiones anteriores a 52.0.2743.82 no asegura que la información de URL está restringida a un esquema, host ... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5132 – chromium-browser: limited same-origin bypass in service workers
https://notcve.org/view.php?id=CVE-2016-5132
23 Jul 2016 — The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element. El subsistema Service Workers en Google Chrome en versiones anteriores a 52.0.2743.82 no implementa adecuadamente la especificación Secure Contexts durante las decisiones sobre si se debe controlar un submar... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-254: 7PK - Security Features •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5128 – chromium-browser: same-origin bypass in v8
https://notcve.org/view.php?id=CVE-2016-5128
23 Jul 2016 — objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. objects.cc en Google V8 en versiones anteriores a 5.2.361.27, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, no impide que los interceptores de la API modifiquen un objetivo de almacenamiento sin ajustar una propiedad,... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-254: 7PK - Security Features •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-5136 – chromium-browser: use after free in extensions
https://notcve.org/view.php?id=CVE-2016-5136
23 Jul 2016 — Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion. Vulnerabilidad de uso después de liberación de memoria en extensions/renderer/user_script_injector.cc en el subsistema Extensions en Google Chrome en versiones anteriores a 52.0.2743.82 permite a atacantes remotos provocar una denegació... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-416: Use After Free •