CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

23 Jul 2016 — The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-285: Improper Authorization

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

23 Jul 2016 — ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-20: Improper Input Validation

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

23 Jul 2016 — Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. • http://crbug.com/590619

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

23 Jul 2016 — The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-16... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 | EPSS: 0% | CPEs: 11 | EXPL: 0

21 Jun 2016 — Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html

CVSS: 8.8 | EPSS: 0% | CPEs: 11 | EXPL: 0

02 Jun 2016 — Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html

CVSS: 6.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

02 Jun 2016 — The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 | EPSS: 1% | CPEs: 8 | EXPL: 0

02 Jun 2016 — The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html

CVSS: 7.5 | EPSS: 2% | CPEs: 8 | EXPL: 0

02 Jun 2016 — extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html

CVSS: 9.3 | EPSS: 2% | CPEs: 11 | EXPL: 0

02 Jun 2016 — WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html • CWE-284: Improper Access Control