CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1615 – chromium-browser: origin confusion in Omnibox
https://notcve.org/view.php?id=CVE-2016-1615
25 Jan 2016 — The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors. La implementación de Omnibox en Google Chrome en versiones anteriores a 48.0.2564.82 permite a atacantes remotos suplantar el origen de un documento a través de vectores no especificados. Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Ch... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1616 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1616
25 Jan 2016 — The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button. La función CustomButton::AcceleratorPressed en ui/views/controls/button/custom_button.cc en Google Chrome en versiones anteriores a 48.0.2564.82 permite a atacantes remotos suplantar URLs a través de vectores implicando un botón personalizado no enfocado. Chromium is an open-source web browser, ... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1617 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1617
25 Jan 2016 — The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. La función CSPSource::schemeMatches en WebKit/Source/core/frame/csp/CSPSource.cpp en la implementación... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1618 – chromium-browser: weak random number generator in Blink
https://notcve.org/view.php?id=CVE-2016-1618
25 Jan 2016 — Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. Blink, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, no asegura que se utilice un generador de números aleatorios cryptographicallyRandomValues adecuado, lo que hace más fácil para atacantes remotos vencer mecanismos de p... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.6EPSS: 2%CPEs: 1EXPL: 0CVE-2016-1619 – chromium-browser: out-of-bounds read in PDFium
https://notcve.org/view.php?id=CVE-2016-1619
25 Jan 2016 — Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document. Múltiples desbordamientos de enteros en las funciones (1) sycc422_to_rgb y (2) sycc444_to_rgb en fxcodec/codec/fx_codec_jpx_opj.cpp en PDFium, tal como se utiliza en Google Chrome en versi... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1620 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1620
25 Jan 2016 — Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 48.0.2564.82 permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. A bad cast was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2051 – chromium-browser: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17
https://notcve.org/view.php?id=CVE-2016-2051
25 Jan 2016 — Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.8.271.17, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. A b... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2052 – chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6
https://notcve.org/view.php?id=CVE-2016-2052
25 Jan 2016 — Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947. Múltiples vulnerabilidades no especificadas en HarfBuzz en versiones anteriores a 1.0.6, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permiten a... • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html •
CVSS: 8.8EPSS: 8%CPEs: 1EXPL: 1CVE-2015-8664 – Google Chrome - Renderer Process to Browser Process Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-8664
24 Dec 2015 — Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792. Desbordamiento de entero en la función the WebCursor::Deserialize en content/common/cursors/webcursor.cc en Google Chrome en versiones anteriores a la 47.0.2526.106 permite a atacantes remo... • https://www.exploit-db.com/exploits/39039 • CWE-189: Numeric Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2015-6792 – chromium-browser: Fixes from internal audits and fuzzing
https://notcve.org/view.php?id=CVE-2015-6792
17 Dec 2015 — The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664. El subsistema MIDI en Google Chrome en versiones anteriores a la 47.0.2526.106 no maneja correctamente el envío de datos, lo que permite a atacantes remotos e... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html •