CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15413 – chromium-browser: type confusion in webassembly
https://notcve.org/view.php?id=CVE-2017-15413
Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Confusión de tipos en WebAssembly en V8 en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/766666 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://access.redhat.com/security/cve/CVE-2017-15413 https://bugzilla.redhat.com/show_bug.cgi?id=1523129 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15418 – chromium-browser: use of uninitialized value in skia
https://notcve.org/view.php?id=CVE-2017-15418
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Uso de memoria no inicializada en Skia en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese obtener información potencialmente sensible del la memoria del proceso mediante una página HTML manipulada. • https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/765858 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://access.redhat.com/security/cve/CVE-2017-15418 https://bugzilla.redhat.com/show_bug.cgi?id=1523133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2017-15409 – chromium-browser: out of bounds write in skia
https://notcve.org/view.php?id=CVE-2017-15409
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Desbordamiento de búfer basado en memoria dinámica (heap) en Skia en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. • https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/763972 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://access.redhat.com/security/cve/CVE-2017-15409 https://bugzilla.redhat.com/show_bug.cgi?id=1523125 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15425 – chromium-browser: url spoof in omnibox
https://notcve.org/view.php?id=CVE-2017-15425
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. Una aplicación de políticas insuficiente en Omnibox en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto suplantase dominios mediante homogramas IDN en un nombre de dominio manipulado. • https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/756456 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://access.redhat.com/security/cve/CVE-2017-15425 https://bugzilla.redhat.com/show_bug.cgi?id=1523139 • CWE-20: Improper Input Validation •
CVSS: 9.6EPSS: 2%CPEs: 5EXPL: 0CVE-2017-15407 – chromium-browser: out of bounds write in quic
https://notcve.org/view.php?id=CVE-2017-15407
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server. Una escritura fuera de límites en la pila de networking QUIC en Google Chrome en versiones anteriores a la 63.0.3239.84 permitía que un atacante remoto pudiese ejecutar código mediante un servidor malicioso. • https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/778505 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://access.redhat.com/security/cve/CVE-2017-15407 https://bugzilla.redhat.com/show_bug.cgi?id=1523123 • CWE-787: Out-of-bounds Write •