CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-5118 – chromium-browser: bypass of content security policy in blink
https://notcve.org/view.php?id=CVE-2017-5118
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. Blink en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, Windows y Linux y a la 61.0.3163.81 para Android, no propagaba correctamente las restricciones CSP para páginas de temas JavaScript, lo que permitía que un atacante remoto omitiese la política de seguridad de contenido (CSP) mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/747847 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5118 https://bugzilla.redhat.com/show_bug.cgi?id=1488779 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2017-5119 – chromium-browser: use of uninitialized value in skia
https://notcve.org/view.php?id=CVE-2017-5119
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. El uso de un valor no inicializado en Skia en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, Windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto pudiese obtener información sensible de la memoria de procesos mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/725127 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5119 https://bugzilla.redhat.com/show_bug.cgi?id=1488781 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-5120 – chromium-browser: potential https downgrade during redirect navigation
https://notcve.org/view.php?id=CVE-2017-5120
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring). El uso incorrecto de redirecciones no coincidentes de www en la navegación por el explorador en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, Windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto degradase las peticiones HTTPS a HTTP mediante una página HTML manipulada. En otras palabras, Chrome podría transmitir texto en claro incluso aunque el usuario hubiese introducido una URL https. Esto se debe a un método alternativo mal diseñado para los casos en los que el nombre de dominio en una URL casi coincide con el nombre de dominio en un certificado del servidor X.509 (pero difiere en la subcadena "www." inicial). • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/718676 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5120 https://bugzilla.redhat.com/show_bug.cgi?id=1488782 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10403 – Google Chrome PDFium JPEG Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-10403
Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. La validación de datos insuficiente en image data en PDFium en Google Chrome, en versiones anteriores a la 51.0.2704.63, permitió que un atacante remoto realizara una lectura de memoria fuera de límites mediante un archivo PDF manipulado. This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG images. A specially crafted JPEG image embedded inside a PDF can force Google Chrome to read memory past the end of an allocated object. • https://chromereleases.googleblog.com/2016/05/stable-channel-update_25.html https://crbug.com/602046 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 2%CPEs: 9EXPL: 0CVE-2017-5091 – chromium-browser: use after free in indexeddb
https://notcve.org/view.php?id=CVE-2017-5091
A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en IndexedDB en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Linux, Android, Windows y Mac, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/728887 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5091 https://bugzilla.redhat.com/show_bug.cgi?id=1475193 • CWE-416: Use After Free •