CVE-2016-1619 – chromium-browser: out-of-bounds read in PDFium
https://notcve.org/view.php?id=CVE-2016-1619
25 Jan 2016 — Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-125: Out-of-bounds Read
CVE-2016-1620 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1620
25 Jan 2016 — Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. A bad cast was discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html
CVE-2016-2051 – chromium-browser: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17
https://notcve.org/view.php?id=CVE-2016-2051
25 Jan 2016 — Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. A b... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html
CVE-2016-2052 – chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6
https://notcve.org/view.php?id=CVE-2016-2052
25 Jan 2016 — Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html
CVE-2015-8664 – Google Chrome - Renderer Process to Browser Process Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-8664
24 Dec 2015 — Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792. • https://www.exploit-db.com/exploits/39039 • CWE-189: Numeric Errors • CWE-416: Use After Free
CVE-2015-6792 – chromium-browser: Fixes from internal audits and fuzzing
https://notcve.org/view.php?id=CVE-2015-6792
17 Dec 2015 — The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html
CVE-2015-8548 – v8: multiple vulnerabilities fixed in 4.7.80.23
https://notcve.org/view.php?id=CVE-2015-8548
14 Dec 2015 — Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html
CVE-2015-6788 – chromium-browser: Type confusion in extensions
https://notcve.org/view.php?id=CVE-2015-6788
14 Dec 2015 — The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2015-6789 – chromium-browser: Use-after free in Blink
https://notcve.org/view.php?id=CVE-2015-6789
14 Dec 2015 — Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-416: Use After Free
CVE-2015-6790 – chromium-browser: Escaping issue in saved pages
https://notcve.org/view.php?id=CVE-2015-6790
14 Dec 2015 — The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html • CWE-20: Improper Input Validation