CVE-2017-5094 – chromium-browser: type confusion in extensions
https://notcve.org/view.php?id=CVE-2017-5094
Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page. Una confusión de tipos en extensions JavaScript bindings en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto pudiese modificar objetos con fines maliciosos mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/702946 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5094 https://bugzilla.redhat.com/show_bug.cgi?id=1475196 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2017-5109 – chromium-browser: ui spoofing in browser
https://notcve.org/view.php?id=CVE-2017-5109
Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. Una implementación incorrecta de la gestión del manipulador de descargas en solicitudes de permisos en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Linux, Windows y Mac, permitía que un atacante remoto mostrase la interfaz de usuario en una pestaña no controlada por el atacante mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/710400 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5109 https://bugzilla.redhat.com/show_bug.cgi?id=1475212 • CWE-20: Improper Input Validation •
CVE-2017-5100 – chromium-browser: use after free in chrome apps
https://notcve.org/view.php?id=CVE-2017-5100
A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en Apps en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Windows, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/718292 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5100 https://bugzilla.redhat.com/show_bug.cgi?id=1475202 • CWE-416: Use After Free •
CVE-2017-5093 – chromium-browser: ui spoofing in blink
https://notcve.org/view.php?id=CVE-2017-5093
Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. Una implementación incorrecta en la manipulación de diálogos modal en Blink en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto evitase que se mostrase una advertencia en pantalla completa mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/550017 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5093 https://bugzilla.redhat.com/show_bug.cgi?id=1475195 • CWE-20: Improper Input Validation CWE-223: Omission of Security-relevant Information •
CVE-2017-5106 – chromium-browser: url spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5106
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. La falta de mecanismos suficientes para el cumplimiento de políticas en Omnibox en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto realizase una suplantación de dominio mediante homografías de IDN en un nombre de dominio manipulado. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/714628 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5106 https://bugzilla.redhat.com/show_bug.cgi?id=1475209 • CWE-20: Improper Input Validation •