NotCVE - vendor:"Google" product:"Chrome" version:"

Page 208 of 3354 results (0.059 seconds)

CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0

CVE-2016-1701 – chromium-browser: use-after-free in autofill

https://notcve.org/view.php?id=CVE-2016-1701

02 Jun 2016 — The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690. La implementación Autofill en Google Chrome en versiones anteriores a 51.0.2704.79 no maneja adecuadamente la interacción entre las actualizaciones de campo y... • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html •

CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0

CVE-2016-1700 – chromium-browser: use-after-free in extensions

https://notcve.org/view.php?id=CVE-2016-1700

02 Jun 2016 — extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions. extensions/renderer/runtime_custom_bindings.cc en Google Chrome en versiones anteriores a 51.0.2704.79 no considera los efectos laterales durante la creación de un array de vistas de extensión, lo... • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html •

CVSS: 9.3EPSS: 2%CPEs: 11EXPL: 0

CVE-2016-1699 – Trend Micro Maximum Security Regex Matching Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-1699

02 Jun 2016 — WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL. WebKit/Source/devtools/front_end/devtools.js en el subsistema Developer Tools (también conocido como DevTools) en Blink, tal como se utiliza en Google Chrome e... • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html • CWE-284: Improper Access Control •

CVSS: 6.5EPSS: 2%CPEs: 11EXPL: 0

CVE-2016-1702 – chromium-browser: out-of-bounds read in skia

https://notcve.org/view.php?id=CVE-2016-1702

02 Jun 2016 — The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data. La función SkRegion::readFromMemory en core/SkRegion.cpp in Skia, tal como se utiliza en Google Chrome en versiones anteriores a 51.0.2704.79, no valida la cuenta de intervalo, lo que permite a atacantes remotos provocar una denegación de servicio (le... • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0

CVE-2016-1696 – chromium-browser: cross-origin bypass in extension bindings

https://notcve.org/view.php?id=CVE-2016-1696

02 Jun 2016 — The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. El subsistema de extensiones en Google Chrome en versiones anteriores a 51.0.2704.79 no restringe adecuadamente accesos vinculantes, lo que permite a atacantes remotos eleduir la Same Origin Policy a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0

CVE-2016-1697 – chromium-browser: cross-origin bypass in blink

https://notcve.org/view.php?id=CVE-2016-1697

02 Jun 2016 — The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. La funciónFrameLoader::startLoad en WebKit/Source/core/loader/FrameLoader.cpp en Blink, como es usada en Google Chrome en versiones anteriores a 51.0.2704.79, no impide marcos de navegación durante las opera... • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html • CWE-284: Improper Access Control •

CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 0

CVE-2016-1689 – chromium-browser: heap buffer overflow in media

https://notcve.org/view.php?id=CVE-2016-1689

01 Jun 2016 — Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. Desbordamiento de buffer basado en memoria dinámica en content/renderer/media/canvas_capture_handler.cc en Google Chrome en versiones anteriores a 51.0.2704.63 permite a atacantes remotos provocar una denegación del servicio o posiblemente tener otro impacto no especificado a ... • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0

CVE-2016-1691 – chromium-browser: heap buffer-overflow in skia

https://notcve.org/view.php?id=CVE-2016-1691

01 Jun 2016 — Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp. Skia, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, no maneja correctamente la ejecución de coincidencia, lo que permite a atacantes remotos provocar una denegación del servicio (desbordamiento de buf... • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 0

CVE-2016-1684 – chromium-browser: integer overflow in libxslt

https://notcve.org/view.php?id=CVE-2016-1684

01 Jun 2016 — numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. numbers.c en libxslt en versiones anteriores a 1.1.29, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, no maneja correctamente el token de formato i para datos xsl:number, lo que permite a... • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html •

CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0

CVE-2016-1673 – chromium-browser: cross-origin bypass in blink

https://notcve.org/view.php?id=CVE-2016-1673

01 Jun 2016 — Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Blink, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63 permite a atacantes remotos eludir la Same Origin Policy a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html •

1...206 207 208 209 210