CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1650 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1650
27 Mar 2016 — The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document. La función PageCaptureSaveAsMHTMLFunction::ReturnFailure en browser/extensions/api/page_capture/page_capture_api.cc en Google Chrome en versiones anteriores a 49.0.2623.108 permite a atacantes remotos provocar una ... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html •
CVSS: 9.3EPSS: 2%CPEs: 3EXPL: 0CVE-2016-1648 – chromium-browser: use-after-free in Extensions
https://notcve.org/view.php?id=CVE-2016-1648
27 Mar 2016 — Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. Vulnerabilidad de uso después de liberación de memoria en la función GetLoadTimes en renderer/loadtimes_extension_bindings.cc en la implementación de Extensions en Google Chrome en versiones anteriores a 49.0.2623.1... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html •
CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 0CVE-2016-1647 – chromium-browser: use-after-free in Navigation
https://notcve.org/view.php?id=CVE-2016-1647
27 Mar 2016 — Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación de memoria en la función RenderWidgetHostImpl::Destroy en content/browser/renderer_host/render_widget_host_impl.cc en la implementación de Navigat... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html •
CVSS: 9.3EPSS: 10%CPEs: 6EXPL: 0CVE-2016-1649 – Google Chrome libANGLE glGetUniformfv Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1649
27 Mar 2016 — The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages. La función Program::getUniformInternal en Program.cpp en libANGLE, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.108, no maneja adecuadamente ciertos tipos de datos que... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1644 – chromium-browser: use-after-free in Blink
https://notcve.org/view.php?id=CVE-2016-1644
10 Mar 2016 — WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document. WebKit/Source/core/layout/LayoutObject.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.87, no restringe correctamente la planificación de rediseño, lo que permite a atacantes remotos ... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_8.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1643 – chromium-browser: type confusion in Blink
https://notcve.org/view.php?id=CVE-2016-1643
10 Mar 2016 — The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." La función ImageInputType::ensurePrimaryContent en WebKit/Source/core/html/forms/ImageInputType.cpp en Blink, como se utiliza en Google Chrome en versiones... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_8.html • CWE-361: 7PK - Time and State CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 16%CPEs: 6EXPL: 0CVE-2016-1645 – Google Chrome Pdfium JPEG2000 Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1645
10 Mar 2016 — Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data. Múltiples errores de entero sin signo en la función opj_j2k_update_image_data en j2k.c en OpenJPEG, como se utiliza en PDFium en Google Chrome en versiones anteriores a 49.0.2623.87, permiten a ... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_8.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1631 – chromium-browser: same-origin bypass in Pepper Plugin
https://notcve.org/view.php?id=CVE-2016-1631
06 Mar 2016 — The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. La función de The PPB_Flash_MessageLoop_Impl::InternalRun en content/renderer/pepper/ppb_flash_message_loop_impl.cc en el plugin Pepper en Google Chrome en versiones anteriores a 49.0.2623.75 no maneja correctamente los buc... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1639 – chromium-browser: use-after-free in WebRTC
https://notcve.org/view.php?id=CVE-2016-1639
06 Mar 2016 — Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer. Vulnerabilidad de uso después de liberación de memoria en browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc en la implementación de la API We... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2016-2844 – chromium-browser: LayoutBlock.cpp in Blink does not properly determine when anonymous block wrappers may exist
https://notcve.org/view.php?id=CVE-2016-2844
06 Mar 2016 — WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code. WebKit/Source/core/layout/LayoutBlock.cpp en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.75, no determina adecuadamente cuándo pueden existi... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-20: Improper Input Validation •