CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2016-1655 – chromium-browser: use-after-free related to extensions
https://notcve.org/view.php?id=CVE-2016-1655
15 Apr 2016 — Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension. Google Chrome en versiones anteriores a 50.0.2661.75 no considera correctamente que la eliminación de tramas pueda ocurrir durante la ejecución de una llamada de retorno, lo que permite a atacantes remotos provocar una denegación de servicio (uso despu... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1657 – chromium-browser: address bar spoofing
https://notcve.org/view.php?id=CVE-2016-1657
15 Apr 2016 — The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL. La función WebContentsImpl::FocusLocationBarByDefault en content/browser/web_contents/web_contents_impl.cc en Google Chrome en versiones anteriores a 50.0.2661.75 no maneja correctamente el foco para ciertas páginas about:blank, lo que permite ... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html • CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1658 – chromium-browser: potential leak of sensitive information to malicious extensions
https://notcve.org/view.php?id=CVE-2016-1658
15 Apr 2016 — The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. El subsistema Extensions en Google Chrome en versiones anteriores a 50.0.2661.75 confía incorrectamente en llamadas al método GetOrigin para comparaciones de origen, lo que permite a atacantes remotos eludir la Same Origin Policy y obtener información sensible... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2016-1659 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1659
15 Apr 2016 — Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 50.0.2661.75 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. A use-after-free was discovered when responding synchronously to permission requests. An attacker could potentially e... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-3679 – chromium-browser: multiple unspecified vulnerabilities
https://notcve.org/view.php?id=CVE-2016-3679
29 Mar 2016 — Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.9.385.33, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.108, permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. A... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html •
CVSS: 9.3EPSS: 67%CPEs: 13EXPL: 1CVE-2016-1646 – Google Chromium V8 Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2016-1646
27 Mar 2016 — The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code. La implementación de Array.prototype.concat en builtins.cc en Google V8, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.108, no considera adecuadamante los tipos de datos... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 0CVE-2016-1647 – chromium-browser: use-after-free in Navigation
https://notcve.org/view.php?id=CVE-2016-1647
27 Mar 2016 — Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación de memoria en la función RenderWidgetHostImpl::Destroy en content/browser/renderer_host/render_widget_host_impl.cc en la implementación de Navigat... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html •
CVSS: 9.3EPSS: 2%CPEs: 3EXPL: 0CVE-2016-1648 – chromium-browser: use-after-free in Extensions
https://notcve.org/view.php?id=CVE-2016-1648
27 Mar 2016 — Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. Vulnerabilidad de uso después de liberación de memoria en la función GetLoadTimes en renderer/loadtimes_extension_bindings.cc en la implementación de Extensions en Google Chrome en versiones anteriores a 49.0.2623.1... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html •
CVSS: 9.3EPSS: 10%CPEs: 6EXPL: 0CVE-2016-1649 – Google Chrome libANGLE glGetUniformfv Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1649
27 Mar 2016 — The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages. La función Program::getUniformInternal en Program.cpp en libANGLE, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.108, no maneja adecuadamente ciertos tipos de datos que... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1650 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1650
27 Mar 2016 — The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document. La función PageCaptureSaveAsMHTMLFunction::ReturnFailure en browser/extensions/api/page_capture/page_capture_api.cc en Google Chrome en versiones anteriores a 49.0.2623.108 permite a atacantes remotos provocar una ... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html •