CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1658 – chromium-browser: potential leak of sensitive information to malicious extensions
https://notcve.org/view.php?id=CVE-2016-1658
15 Apr 2016 — The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. El subsistema Extensions en Google Chrome en versiones anteriores a 50.0.2661.75 confía incorrectamente en llamadas al método GetOrigin para comparaciones de origen, lo que permite a atacantes remotos eludir la Same Origin Policy y obtener información sensible... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 2%CPEs: 7EXPL: 0CVE-2016-1653 – chromium-browser: out-of-bounds write in V8
https://notcve.org/view.php?id=CVE-2016-1653
15 Apr 2016 — The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc. La implementación LoadBuffer en Google V8, como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.75, no maneja correctamente tipos de dato... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2016-1655 – chromium-browser: use-after-free related to extensions
https://notcve.org/view.php?id=CVE-2016-1655
15 Apr 2016 — Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension. Google Chrome en versiones anteriores a 50.0.2661.75 no considera correctamente que la eliminación de tramas pueda ocurrir durante la ejecución de una llamada de retorno, lo que permite a atacantes remotos provocar una denegación de servicio (uso despu... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1657 – chromium-browser: address bar spoofing
https://notcve.org/view.php?id=CVE-2016-1657
15 Apr 2016 — The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL. La función WebContentsImpl::FocusLocationBarByDefault en content/browser/web_contents/web_contents_impl.cc en Google Chrome en versiones anteriores a 50.0.2661.75 no maneja correctamente el foco para ciertas páginas about:blank, lo que permite ... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html • CWE-254: 7PK - Security Features •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1652 – chromium-browser: universal XSS in extension bindings
https://notcve.org/view.php?id=CVE-2016-1652
15 Apr 2016 — Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." Vulnerabilidad de XSS en la función ModuleSystem::RequireForJsInner en extensions/renderer/module_system.cc en el subsistema Extensions en Google Chrome en versiones anteriores a 50.0.2661.75 permite a a... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 0CVE-2016-1654 – chromium-browser: uninitialized memory read in media
https://notcve.org/view.php?id=CVE-2016-1654
15 Apr 2016 — The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors. El subsistema media en Google Chrome en versiones anteriores a 50.0.2661.75 no inicializa una estructura de datos no especificada, lo que permite a atacantes remotos provocar una denegación de servicio (operación de lectura no válida) a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2016-1659 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1659
15 Apr 2016 — Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 50.0.2661.75 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html •
CVSS: 8.1EPSS: 21%CPEs: 4EXPL: 0CVE-2016-1651 – Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-1651
15 Apr 2016 — fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document. fxcodec/codec/fx_codec_jpx_opj.cpp en PDFium, como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.75, no implementa correctamente las funciones sycc... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-3679 – chromium-browser: multiple unspecified vulnerabilities
https://notcve.org/view.php?id=CVE-2016-3679
29 Mar 2016 — Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.9.385.33, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.108, permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html •
CVSS: 9.3EPSS: 67%CPEs: 13EXPL: 1CVE-2016-1646 – Google Chromium V8 Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2016-1646
27 Mar 2016 — The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code. La implementación de Array.prototype.concat en builtins.cc en Google V8, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.108, no considera adecuadamante los tipos de datos... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html • CWE-125: Out-of-bounds Read •