CVE-2016-1705 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1705
23 Jul 2016 — Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted websi... • http://crbug.com/590619 •
CVE-2016-5137 – chromium-browser: history sniffing with hsts and csp
https://notcve.org/view.php?id=CVE-2016-5137
23 Jul 2016 — The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-16... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-5130 – chromium-browser: url spoofing
https://notcve.org/view.php?id=CVE-2016-5130
23 Jul 2016 — content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-284: Improper Access Control •
CVE-2016-5134 – chromium-browser: url leakage via pac script
https://notcve.org/view.php?id=CVE-2016-5134
23 Jul 2016 — net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-5132 – chromium-browser: limited same-origin bypass in service workers
https://notcve.org/view.php?id=CVE-2016-5132
23 Jul 2016 — The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-254: 7PK - Security Features •
CVE-2016-1707 – Debian Security Advisory 3637-1
https://notcve.org/view.php?id=CVE-2016-1707
23 Jul 2016 — ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-20: Improper Input Validation •
CVE-2016-5129 – chromium-browser: memory corruption in v8
https://notcve.org/view.php?id=CVE-2016-5129
23 Jul 2016 — Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-5133 – chromium-browser: origin confusion in proxy authentication
https://notcve.org/view.php?id=CVE-2016-5133
23 Jul 2016 — Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-287: Improper Authentication •
CVE-2016-1709 – chromium-browser: heap-buffer-overflow in sfntly
https://notcve.org/view.php?id=CVE-2016-1709
23 Jul 2016 — Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-5135 – chromium-browser: content-security-policy bypass
https://notcve.org/view.php?id=CVE-2016-5135
23 Jul 2016 — WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "" element. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-20: Improper Input Validation •