CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 0CVE-2016-5136 – chromium-browser: use after free in extensions
https://notcve.org/view.php?id=CVE-2016-5136
23 Jul 2016 — Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion. Vulnerabilidad de uso después de liberación de memoria en extensions/renderer/user_script_injector.cc en el subsistema Extensions en Google Chrome en versiones anteriores a 52.0.2743.82 permite a atacantes remotos provocar una denegació... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2016-5127 – chromium-browser: use-after-free in blink
https://notcve.org/view.php?id=CVE-2016-5127
23 Jul 2016 — Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element. Vulnerabilidad de uso después de liberación de memoria en WebKit/Source/core/editing/VisibleUnits.cpp en Blink, como ... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 10%CPEs: 17EXPL: 0CVE-2016-5131 – libxml2: Use after free triggered by XPointer paths beginning with range-to
https://notcve.org/view.php?id=CVE-2016-5131
23 Jul 2016 — Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. Vulnerabilidad de uso después de liberación de memoria en libxml2 hasta la versión 2.9.4, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto ... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1708 – chromium-browser: use-after-free in extensions
https://notcve.org/view.php?id=CVE-2016-1708
23 Jul 2016 — The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. La implementación de la instalación en línea Chrome Web Store en el subsistema Extensions en Google Chrome en versiones anteriores a 52.0.2743.82 no considera adecuadamente la ... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1711 – chromium-browser: same-origin bypass in blink
https://notcve.org/view.php?id=CVE-2016-1711
23 Jul 2016 — WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. WebKit/Source/core/loader/FrameLoader.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, no deshabilita la navegación del marco durante una operación de separación en un objeto DocumentLoader, lo que per... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-285: Improper Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1705 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1705
23 Jul 2016 — Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 52.0.2743.82 permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted websi... • http://crbug.com/590619 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5137 – chromium-browser: history sniffing with hsts and csp
https://notcve.org/view.php?id=CVE-2016-5137
23 Jul 2016 — The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-16... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5130 – chromium-browser: url spoofing
https://notcve.org/view.php?id=CVE-2016-5130
23 Jul 2016 — content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. content/renderer/history_controller.cc en Google Chrome en versiones anteriores a 52.0.2743.82 no restringe adecuadamente los múltiples usos de un método de redireccionamiento de JavaScript, lo que permite a atacantes remotos suplantar la URL mostrada a través de un sitio web manipul... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5134 – chromium-browser: url leakage via pac script
https://notcve.org/view.php?id=CVE-2016-5134
23 Jul 2016 — net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763. net/proxy/proxy_service.cc en la funcionalidad Proxy Auto-Config (PAC) en Google Chrome en versiones anteriores a 52.0.2743.82 no asegura que la información de URL está restringida a un esquema, host ... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5132 – chromium-browser: limited same-origin bypass in service workers
https://notcve.org/view.php?id=CVE-2016-5132
23 Jul 2016 — The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element. El subsistema Service Workers en Google Chrome en versiones anteriores a 52.0.2743.82 no implementa adecuadamente la especificación Secure Contexts durante las decisiones sobre si se debe controlar un submar... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-254: 7PK - Security Features •