CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1623 – chromium-browser: same-origin bypass in DOM
https://notcve.org/view.php?id=CVE-2016-1623
14 Feb 2016 — The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp. La implementación DOM en Google Chrome en versiones anteriores a 48.0.2564.109 no restringe adecuadamente que las operaciones frame-attach ocurran durante o desp... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0CVE-2016-1624 – chromium-browser: buffer overflow in Brotli
https://notcve.org/view.php?id=CVE-2016-1624
14 Feb 2016 — Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression. Desbordamiento inferior de entero en la función ProcessCommandsInternal en dec/decode.c en Brotli, como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.109, permite a atacantes remotos causar una denegación de... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1625 – chromium-browser: navigation bypass in Chrome Instant
https://notcve.org/view.php?id=CVE-2016-1625
14 Feb 2016 — The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc. La funcionalidad Chrome Instant en Google Chrome en versiones anteriores a 48.0.2564.109 no asegura que un destino de navegación New Tab Page (NTP) se encuentre en las listas de más visitados o sugere... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 11%CPEs: 3EXPL: 0CVE-2016-1626 – Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1626
14 Feb 2016 — The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. La función opj_pi_update_decode_poc en pi.c en OpenJPEG, como se utiliza en PDFium en Google Chrome en versiones anteriores a 48.0.2564.109, no calcula correctamente un determinado valor de índice de capa, lo que permite a atacantes remotos caus... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1627 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1627
14 Feb 2016 — The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js. El subsistema Developer Tools (también conocido como DevTools) en Google Chrome en versiones anteriores a ... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 7%CPEs: 1EXPL: 0CVE-2016-1612 – chromium-browser: bad cast in V8
https://notcve.org/view.php?id=CVE-2016-1612
25 Jan 2016 — The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code. La función LoadIC::UpdateCaches en ic/ic.cc en Google V8, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, no asegura la compatibilidad del receptor antes de re... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-20: Improper Input Validation CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.6EPSS: 2%CPEs: 1EXPL: 0CVE-2016-1613 – chromium-browser: use-after-free in PDFium
https://notcve.org/view.php?id=CVE-2016-1613
25 Jan 2016 — Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects. Múltiples vulnerabilidades de uso después de liberación de memoria en la implementación de formfiller en PDFium, tal como se utiliza en Google Chrome en ver... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1614 – chromium-browser: information leak in Blink
https://notcve.org/view.php?id=CVE-2016-1614
25 Jan 2016 — The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. La clase UnacceleratedImageBufferSurface en WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, no... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1615 – chromium-browser: origin confusion in Omnibox
https://notcve.org/view.php?id=CVE-2016-1615
25 Jan 2016 — The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors. La implementación de Omnibox en Google Chrome en versiones anteriores a 48.0.2564.82 permite a atacantes remotos suplantar el origen de un documento a través de vectores no especificados. Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Ch... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1616 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1616
25 Jan 2016 — The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button. La función CustomButton::AcceleratorPressed en ui/views/controls/button/custom_button.cc en Google Chrome en versiones anteriores a 48.0.2564.82 permite a atacantes remotos suplantar URLs a través de vectores implicando un botón personalizado no enfocado. Chromium is an open-source web browser, ... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-254: 7PK - Security Features •