Page 29 of 817 results (0.005 seconds)

CVSS: 6.5EPSS: 2%CPEs: 8EXPL: 0

CVE-2016-1687 – chromium-browser: information leak in extensions

https://notcve.org/view.php?id=CVE-2016-1687

01 Jun 2016 — The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions. La implementación del renderizador en Google Chrome en versiones anteriores a 51.0.2704.63 no restringe correctamente la exposición pública de clases, lo que permite a atacantes remotos obtener información sensible a través de vectores relacionados con las extensiones. Chromium is an open-sourc... • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2016-1694 – chromium-browser: hpkp pins removed on cache clearance

https://notcve.org/view.php?id=CVE-2016-1694

01 Jun 2016 — browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid certificate from an arbitrary recognized Certification Authority. browser/browsing_data/browsing_data_remover.cc en Google Chrome en versiones anteriores a 51.0.2704.63 borra los pins HPKP durante la limpieza de la caché, lo que hace más fácil para atacantes remotos suplantar páginas web a través de un certifica... • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0

CVE-2016-1680 – chromium-browser: heap use-after-free in skia

https://notcve.org/view.php?id=CVE-2016-1680

01 Jun 2016 — Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación de memoria en ports/SkFontHost_FreeType.cpp en Skia, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, permite a atacantes remotos provocar una denegación del servicio (corrupción de la mem... • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0

CVE-2016-1695 – chromium-browser: various fixes from internal audits

https://notcve.org/view.php?id=CVE-2016-1695

01 Jun 2016 — Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 51.0.2704.63 permiten a atacantes remotos provocar una denegación del servicio o posiblemente tener otro impacto a través de vectores desconocidos. An unspecified security issue was discovered in Blink. If a user were tricked in to opening a specially cra... • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html •

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0

CVE-2016-1691 – chromium-browser: heap buffer-overflow in skia

https://notcve.org/view.php?id=CVE-2016-1691

01 Jun 2016 — Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp. Skia, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, no maneja correctamente la ejecución de coincidencia, lo que permite a atacantes remotos provocar una denegación del servicio (desbordamiento de buf... • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

CVE-2016-1682 – chromium-browser: csp bypass for serviceworker

https://notcve.org/view.php?id=CVE-2016-1682

01 Jun 2016 — The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration. La función ServiceWorkerContainer::registerServiceWorkerImpl en WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp en Blink, como es usada en Google Chrome en versiones anteriores a 51.0.270... • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2016-1693 – chromium-browser: http download of software removal tool

https://notcve.org/view.php?id=CVE-2016-1693

01 Jun 2016 — browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session. browser/safe_browsing/srt_field_trial_win.cc en Google Chrome en versiones anteriores a 51.0.2704.63 no usa el servicio HTTPS en dl.google.com para obtener el Software Removal Tool, lo que permite a atacantes sup... • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2016-1674 – chromium-browser: cross-origin bypass in extensions

https://notcve.org/view.php?id=CVE-2016-1674

01 Jun 2016 — The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. El subsistema de extensiones en Google Chrome en versiones anteriores a 51.0.2704.63 permite a atacantes remotos eludir la Same Origin Policy a través de vectores no especificados. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 51.0.2704.63. Security Fix: Multiple flaws were found in the processing of malformed we... • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

CVE-2016-1683 – chromium-browser: out-of-bounds access in libxslt

https://notcve.org/view.php?id=CVE-2016-1683

01 Jun 2016 — numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. numbers.c in libxslt en verisones anteriores a 1.1.29, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, no maneja correctamente los nodos de espacio de nombres, lo que permite a atacantes remotos provocar una denegación ... • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0

CVE-2016-1672 – chromium-browser: cross-origin bypass in extension bindings

https://notcve.org/view.php?id=CVE-2016-1672

01 Jun 2016 — The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors. La función ModuleSystem::RequireForJsInner en extensions/renderer/module_system.cc en las extensiones vinculantes en Google Chrome en versiones anteriores a 51.0.2704.63 no maneja correctamente las propiedades, ... • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •