CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2016-1622 – chromium-browser: same-origin bypass in Extensions
https://notcve.org/view.php?id=CVE-2016-1622
14 Feb 2016 — The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. El subsistema Extensions en Google Chrome en versiones anteriores a 48.0.2564.109 no previene el uso del método Object.defineProperty para sobreescribir el comportamiento de extensión previsto, lo que permite a atacantes remotos eludir la Same Origin Policy a... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0CVE-2016-1624 – chromium-browser: buffer overflow in Brotli
https://notcve.org/view.php?id=CVE-2016-1624
14 Feb 2016 — Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression. Desbordamiento inferior de entero en la función ProcessCommandsInternal en dec/decode.c en Brotli, como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.109, permite a atacantes remotos causar una denegación de... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1615 – chromium-browser: origin confusion in Omnibox
https://notcve.org/view.php?id=CVE-2016-1615
25 Jan 2016 — The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors. La implementación de Omnibox en Google Chrome en versiones anteriores a 48.0.2564.82 permite a atacantes remotos suplantar el origen de un documento a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-254: 7PK - Security Features •
CVSS: 7.6EPSS: 2%CPEs: 1EXPL: 0CVE-2016-1613 – chromium-browser: use-after-free in PDFium
https://notcve.org/view.php?id=CVE-2016-1613
25 Jan 2016 — Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects. Múltiples vulnerabilidades de uso después de liberación de memoria en la implementación de formfiller en PDFium, tal como se utiliza en Google Chrome en ver... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-416: Use After Free •
CVSS: 7.6EPSS: 2%CPEs: 1EXPL: 0CVE-2016-1619 – chromium-browser: out-of-bounds read in PDFium
https://notcve.org/view.php?id=CVE-2016-1619
25 Jan 2016 — Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document. Múltiples desbordamientos de enteros en las funciones (1) sycc422_to_rgb y (2) sycc444_to_rgb en fxcodec/codec/fx_codec_jpx_opj.cpp en PDFium, tal como se utiliza en Google Chrome en versi... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1620 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1620
25 Jan 2016 — Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 48.0.2564.82 permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1614 – chromium-browser: information leak in Blink
https://notcve.org/view.php?id=CVE-2016-1614
25 Jan 2016 — The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. La clase UnacceleratedImageBufferSurface en WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, no... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2052 – chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6
https://notcve.org/view.php?id=CVE-2016-2052
25 Jan 2016 — Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947. Múltiples vulnerabilidades no especificadas en HarfBuzz en versiones anteriores a 1.0.6, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permiten a... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2051 – chromium-browser: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17
https://notcve.org/view.php?id=CVE-2016-2051
25 Jan 2016 — Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.8.271.17, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1616 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1616
25 Jan 2016 — The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button. La función CustomButton::AcceleratorPressed en ui/views/controls/button/custom_button.cc en Google Chrome en versiones anteriores a 48.0.2564.82 permite a atacantes remotos suplantar URLs a través de vectores implicando un botón personalizado no enfocado. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-254: 7PK - Security Features •