CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5088 – chromium-browser: out of bounds read in v8
https://notcve.org/view.php?id=CVE-2017-5088
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Una validación insuficiente de entradas no fiables en V8 en Google Chrome, en versiones anteriores a la 59.0.3071.104 para Mac, Windows y Linux y a la 59.0.3071.117 para Android, permitía que un atacante remoto realizase un acceso a la memoria fuera de límites mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99096 http://www.securitytracker.com/id/1038765 https://access.redhat.com/errata/RHSA-2017:1495 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html https://crbug.com/729991 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5088 https://bugzilla.redhat.com/show_bug.cgi?id=1462149 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-5089 – chromium-browser: domain spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5089
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name. La falta de mecanismos suficientes para el cumplimiento de políticas en Omnibox en Google Chrome, en versiones anteriores a la 59.0.3071.104 para Mac, permitía que un atacante remoto realizase una suplantación de dominio mediante un nombre de dominio manipulado. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99096 http://www.securitytracker.com/id/1038765 https://access.redhat.com/errata/RHSA-2017:1495 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html https://crbug.com/714196 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5089 https://bugzilla.redhat.com/show_bug.cgi?id=1462151 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-5074 – chromium-browser: use after free in apps bluetooth
https://notcve.org/view.php?id=CVE-2017-5074
A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, related to Bluetooth. Un uso de memoria previamente liberada en Chrome Apps en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Windows, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. Esto está relacionado con Bluetooth. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/700040 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5074 https://bugzilla.redhat.com/show_bug.cgi?id=1459025 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5082 – chromium-browser: insufficient hardening in credit card editor
https://notcve.org/view.php?id=CVE-2017-5082
Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page. Un fallo a la hora de aprovechar las mitigaciones disponibles en el autocompletado de tarjeta de crédito en Google Chrome, en versiones anteriores a la 59.0.3071.92 para Android, permitía que un atacante local realizase capturas de pantalla de linformación de tarjetas de crédito mediante una página HTML manipulada. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/721579 https://security.gentoo.org/glsa/201706-20 https://wwws.nightwatchcybersecurity.com/2017/07/27/chrome-for-android-didnt-use-flag_secure-for-credit-card-prefill-settings-cve-2017-5082 https://access.redhat.com/security/cve/CVE-2017-5082 https://bugzilla • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5085 – chromium-browser: inappropriate javascript execution on webui pages
https://notcve.org/view.php?id=CVE-2017-5085
Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark. Una implementación incorrecta en Bookmarks en Google Chrome, en versiones anteriores a la 59 para iOS, permitía que un atacante remoto que hubiese convencido a un usuario para realizar ciertas operaciones ejecutase código JavaScript en páginas chrome:// mediante un marcador manipulado. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/692378 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5085 https://bugzilla.redhat.com/show_bug.cgi?id=1459037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •