CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1639 – chromium-browser: use-after-free in WebRTC
https://notcve.org/view.php?id=CVE-2016-1639
06 Mar 2016 — Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer. Vulnerabilidad de uso después de liberación de memoria en browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc en la implementación de la API We... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1640 – chromium-browser: origin confusion in Extensions UI
https://notcve.org/view.php?id=CVE-2016-1640
06 Mar 2016 — The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site. La implementación de Web Store inline-installer en Extensions UI en Google Chrome en versiones anteriores a 49.0.2623.75 no bloquea las instalaciones sobre la eli... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-17: DEPRECATED: Code •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1641 – chromium-browser: use-after-free in Favicon
https://notcve.org/view.php?id=CVE-2016-1641
06 Mar 2016 — Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonstrated by a favicon.ico download. Vulnerabilidad de uso después de liberación de memoria en content/browser/web_contents/web_contents_impl.cc en Google Chrome en versiones anteriores a 49.0.2623.75 permite a atacan... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1642 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1642
06 Mar 2016 — Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 49.0.2623.75 permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. It was discovered that the ContainerNode::parserRemoveChild function in Blink mishandled widget updates in some circ... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2843 – chromium-browser: Multiple unspecified vulnerabilities in V8 before 4.9.385.26
https://notcve.org/view.php?id=CVE-2016-2843
06 Mar 2016 — Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.9.385.26, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.75, permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. It ... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2016-2844 – chromium-browser: LayoutBlock.cpp in Blink does not properly determine when anonymous block wrappers may exist
https://notcve.org/view.php?id=CVE-2016-2844
06 Mar 2016 — WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code. WebKit/Source/core/layout/LayoutBlock.cpp en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.75, no determina adecuadamente cuándo pueden existi... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2845 – chromium-browser: CSP implementation in Blink does not ignore a URL's path component in the case of a ServiceWorker fetch
https://notcve.org/view.php?id=CVE-2016-2845
06 Mar 2016 — The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp. La implementación de la Content Security Policy (CSP) en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.75, no ignora u... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2016-1629 – chromium-browser: same-origin bypass in Blink and Sandbox escape in Chrome
https://notcve.org/view.php?id=CVE-2016-1629
21 Feb 2016 — Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. Google Chrome en versiones anteriores a 48.0.2564.116 permite a atacantes remotos eludir la Blink Same Origin Policy y el mecanismo de protección sandbox a través de vectores no especificados. Chromium is an open-source web browser, powered by WebKit. Two flaws were found in the processing of malformed web content. A web page containing malicious conte... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_18.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 25%CPEs: 2EXPL: 0CVE-2016-1628 – Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1628
18 Feb 2016 — pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions. pi.c en OpenJPEG, como se utiliza en PDFium en Google Chrome en versiones anteriores a 48.0.2564.109, no valida cierto valor precision, lo que permite a a... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2016-1622 – chromium-browser: same-origin bypass in Extensions
https://notcve.org/view.php?id=CVE-2016-1622
14 Feb 2016 — The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. El subsistema Extensions en Google Chrome en versiones anteriores a 48.0.2564.109 no previene el uso del método Object.defineProperty para sobreescribir el comportamiento de extensión previsto, lo que permite a atacantes remotos eludir la Same Origin Policy a... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html • CWE-264: Permissions, Privileges, and Access Controls •