CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-5129 – chromium-browser: use after free in webaudio
https://notcve.org/view.php?id=CVE-2017-5129
A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en WebAudio en Blink en Google Chrome, en versiones anteriores a la 62.0.3202.62, permitía que un atacante remoto realice una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/765495 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-5129 https://bugzilla.redhat.com/show_bug.cgi?id=1503535 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2017-15394 – chromium-browser: url spoofing in extensions ui
https://notcve.org/view.php?id=CVE-2017-15394
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension. La aplicación de políticas insuficiente en Extensions en Google Chrome, en versiones anteriores a la 62.0.3202.62, permite que un atacante remoto realice una suplantación de dominios en diálogos de permiso mediante homógrafos IDN en una Extensión Chrome manipulada. • https://github.com/sudosammy/CVE-2017-15394 http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/745580 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-15394 https://bugzilla.redhat.com/show_bug.cgi?id=1503549 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0CVE-2017-5131 – chromium-browser: out of bounds write in skia
https://notcve.org/view.php?id=CVE-2017-5131
An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write. Un desbordamiento de enteros en Skia en Google Chrome, en versiones anteriores a la 62.0.3202.62, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Esto también se conoce como escritura fuera de límites. • http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/744109 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-5131 https://bugzilla.redhat.com/show_bug.cgi?id=1503538 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 3%CPEs: 3EXPL: 0CVE-2017-15393 – chromium-browser: referrer leak in devtools
https://notcve.org/view.php?id=CVE-2017-15393
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak. La aplicación de políticas insuficiente en la depuración remota de Devtools en Google Chrome, en versiones anteriores a la 62.0.3202.62, permite que un atacante remoto obtenga acceso a la funcionalidad de depuración remota mediante una página HTML manipulada. Esto también se conoce como fuga de Referers. • http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/732751 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-15393 https://bugzilla.redhat.com/show_bug.cgi?id=1503548 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0CVE-2017-5128 – chromium-browser: heap overflow in webgl
https://notcve.org/view.php?id=CVE-2017-5128
Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, related to WebGL. Un desbordamiento de búfer basado en memoria dinámica (heap) en Blink en Google Chrome, en versiones anteriores a la 62.0.3202.62, permite que un atacante remoto explote la corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. Esto se relaciona con WebGL. • http://www.securityfocus.com/bid/101482 https://access.redhat.com/errata/RHSA-2017:2997 https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html https://crbug.com/765469 https://security.gentoo.org/glsa/201710-24 https://www.debian.org/security/2017/dsa-4020 https://access.redhat.com/security/cve/CVE-2017-5128 https://bugzilla.redhat.com/show_bug.cgi?id=1503534 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •