Page 371 of 2577 results (0.011 seconds)

CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 0

Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento aritmético en Skia en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto pudiese explotar una corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/747043 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5113 https://bugzilla.redhat.com/show_bug.cgi?id=1488774 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0

A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. Un uso de memoria previamente liberada en PDFium en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Linux, Windows y Mac, permitía que un atacante remoto pudiese explotar una corrupción de memoria mediante un archivo PDF manipulado. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/737023 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5111 https://bugzilla.redhat.com/show_bug.cgi?id=1488772 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0

Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Windows, permitía que un atacante remoto pudiese explotar una corrupción de objetos mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/744584 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5115 https://bugzilla.redhat.com/show_bug.cgi?id=1488776 • CWE-704: Incorrect Type Conversion or Cast •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. La validación de datos insuficiente en image data en PDFium en Google Chrome, en versiones anteriores a la 51.0.2704.63, permitió que un atacante remoto realizara una lectura de memoria fuera de límites mediante un archivo PDF manipulado. This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG images. A specially crafted JPEG image embedded inside a PDF can force Google Chrome to read memory past the end of an allocated object. • https://chromereleases.googleblog.com/2016/05/stable-channel-update_25.html https://crbug.com/602046 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. Una implementación incorrecta en Omnibox en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Linux, Windows y Mac, permitía que un atacante remoto suplantase el contenido de Omnibox mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/681740 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5101 https://bugzilla.redhat.com/show_bug.cgi?id=1475203 •