CVE-2017-5110 – chromium-browser: ui spoofing in payments dialog
https://notcve.org/view.php?id=CVE-2017-5110
Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. Una implementación incorrecta de la API de pagos web en las combinaciones blob: y data: en Web Payments en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto suplantase el contenido de Omnibox mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/717476 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5110 https://bugzilla.redhat.com/show_bug.cgi?id=1475213 • CWE-20: Improper Input Validation •
CVE-2017-5107 – chromium-browser: user information leak via svg
https://notcve.org/view.php?id=CVE-2017-5107
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page. Un ataque basado en tiempo en SVG rendering en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Linux, Windows y Mac, permitía que un atacante remoto extrajese valores de píxel desde una página cross-origin a la que se le está incrustando iframes mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/686253 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5107 https://bugzilla.redhat.com/show_bug.cgi?id=1475210 • CWE-203: Observable Discrepancy •
CVE-2017-5092 – chromium-browser: use after free in ppapi
https://notcve.org/view.php?id=CVE-2017-5092
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Validación insuficiente de entradas no fiables en PPAPI Plugins en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Windows, permitía que un atacante remoto pudiese realizar un escape de espacio aislado o sandbox mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/733549 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5092 https://bugzilla.redhat.com/show_bug.cgi?id=1475194 • CWE-20: Improper Input Validation CWE-416: Use After Free •
CVE-2017-5108 – chromium-browser: type confusion in pdfium
https://notcve.org/view.php?id=CVE-2017-5108
Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file. Una confusión de tipos en PDFium en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto pudiese modificar objetos con fines maliciosos mediante un archivo PDF manipulado. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/695830 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5108 https://bugzilla.redhat.com/show_bug.cgi?id=1475211 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2017-5101 – chromium-browser: url spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5101
Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. Una implementación incorrecta en Omnibox en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Linux, Windows y Mac, permitía que un atacante remoto suplantase el contenido de Omnibox mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/681740 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5101 https://bugzilla.redhat.com/show_bug.cgi?id=1475203 •