CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-5104 – chromium-browser: ui spoofing in browser
https://notcve.org/view.php?id=CVE-2017-5104
Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page. Una implementación incorrecta en interstitials en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, permitía que un atacante remoto suplantase el contenido de Omnibox mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/729105 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5104 https://bugzilla.redhat.com/show_bug.cgi?id=1475206 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5110 – chromium-browser: ui spoofing in payments dialog
https://notcve.org/view.php?id=CVE-2017-5110
Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. Una implementación incorrecta de la API de pagos web en las combinaciones blob: y data: en Web Payments en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto suplantase el contenido de Omnibox mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/717476 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5110 https://bugzilla.redhat.com/show_bug.cgi?id=1475213 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5106 – chromium-browser: url spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5106
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. La falta de mecanismos suficientes para el cumplimiento de políticas en Omnibox en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto realizase una suplantación de dominio mediante homografías de IDN en un nombre de dominio manipulado. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/714628 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5106 https://bugzilla.redhat.com/show_bug.cgi?id=1475209 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5105 – chromium-browser: url spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5105
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. La falta de mecanismos suficientes para el cumplimiento de políticas en Omnibox en Google Chrome, en versiones anteriores a la 60.0.3112.78 para Mac, Windows, Linux y Android, permitía que un atacante remoto realizase una suplantación de dominio mediante homografías de IDN en un nombre de dominio manipulado. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html https://crbug.com/729979 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5105 https://bugzilla.redhat.com/show_bug.cgi?id=1475208 • CWE-20: Improper Input Validation •
CVSS: 9.6EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5087 – chromium-browser: sandbox escape in indexeddb
https://notcve.org/view.php?id=CVE-2017-5087
A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape. Un uso de memoria previamente liberada en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.104 para Mac, Windows y Linux y a la 59.0.3071.117 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. Esto también se conoce como escape de espacio aislado o sandbox IndexedDB. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99096 http://www.securitytracker.com/id/1038765 https://access.redhat.com/errata/RHSA-2017:1495 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html https://crbug.com/725032 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5087 https://bugzilla.redhat.com/show_bug.cgi?id=1462148 • CWE-416: Use After Free •