NotCVE - vendor:"Google" product:"Chrome" version:"

Page 375 of 3368 results (0.017 seconds)

CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 0

CVE-2017-5102 – chromium-browser: uninitialized use in skia

https://notcve.org/view.php?id=CVE-2017-5102

Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. El uso de un valor no inicializado en Skia en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto obtuviese información sensible de la memoria de procesos mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/727678 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5102 https://bugzilla.redhat.com/show_bug.cgi?id=1475204 • CWE-908: Use of Uninitialized Resource •

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2017-5107 – chromium-browser: user information leak via svg

https://notcve.org/view.php?id=CVE-2017-5107

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page. Un ataque basado en tiempo en SVG rendering en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Linux, Windows y Mac, permitía que un atacante remoto extrajese valores de píxel desde una página cross-origin a la que se le está incrustando iframes mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/686253 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5107 https://bugzilla.redhat.com/show_bug.cgi?id=1475210 • CWE-203: Observable Discrepancy •

CVSS: 8.8EPSS: 2%CPEs: 9EXPL: 0

CVE-2017-5091 – chromium-browser: use after free in indexeddb

https://notcve.org/view.php?id=CVE-2017-5091

A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en IndexedDB en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Linux, Android, Windows y Mac, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/728887 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5091 https://bugzilla.redhat.com/show_bug.cgi?id=1475193 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0

CVE-2017-5092 – chromium-browser: use after free in ppapi

https://notcve.org/view.php?id=CVE-2017-5092

Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Validación insuficiente de entradas no fiables en PPAPI Plugins en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Windows, permitía que un atacante remoto pudiese realizar un escape de espacio aislado o sandbox mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/733549 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5092 https://bugzilla.redhat.com/show_bug.cgi?id=1475194 • CWE-20: Improper Input Validation CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-5096 – chromium-browser: user information leak via android intents

https://notcve.org/view.php?id=CVE-2017-5096

Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents. La falta de mecanismos suficientes para el cumplimiento de políticas durante la navegación entre diferentes temas en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Android, permitía que un atacante remoto realizase una descarga de cross origin content mediante una página HTML manipulada. Esto está relacionado con intents. • http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/714442 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5096 https://bugzilla.redhat.com/show_bug.cgi?id=1475198 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

1...373 374 375 376 377