CVE-2017-5072 – chromium-browser: address spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5072
Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain spoofing with RTL characters via a crafted URL page. Una implementación inapropiada en Omnibox en Google Chrome, en versiones anteriores a la 59.0.3071.92 para Android, permitía que un atacante remoto realizase una suplantación de dominio con caracteres RTL mediante una página URL manipulada. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/709417 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5072 https://bugzilla.redhat.com/show_bug.cgi?id=1459023 • CWE-20: Improper Input Validation •
CVE-2017-5081 – chromium-browser: extension verification bypass
https://notcve.org/view.php?id=CVE-2017-5081
Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files. Una falta de verificación de la carpeta locale de una extensión en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Mac, Windows y Linux y a la 59.0.3071.92 para Android, permitía que un atacante con acceso de escritura local modificase extensiones mediante la modificación de archivos de extensión. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/672008 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5081 https://bugzilla.redhat.com/show_bug.cgi?id=1459034 • CWE-20: Improper Input Validation •
CVE-2017-5083 – chromium-browser: ui spoofing in blink
https://notcve.org/view.php?id=CVE-2017-5083
Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. Una implementación incorrecta en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Mac, Windows y Linux y a la 59.0.3071.92 para Android, permitía que un atacante remoto mostrase la interfaz de usuario en una pestaña no controlada por el atacante mediante una página HTML manipulada. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/714849 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5083 https://bugzilla.redhat.com/show_bug.cgi?id=1459036 • CWE-20: Improper Input Validation •
CVE-2017-5073 – chromium-browser: use after free in print preview
https://notcve.org/view.php?id=CVE-2017-5073
Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en la vista previa de impresión en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Linux, Windows y Mac y a la 59.0.3071.92 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/716474 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5073 https://bugzilla.redhat.com/show_bug.cgi?id=1459024 • CWE-416: Use After Free •
CVE-2017-5074 – chromium-browser: use after free in apps bluetooth
https://notcve.org/view.php?id=CVE-2017-5074
A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, related to Bluetooth. Un uso de memoria previamente liberada en Chrome Apps en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Windows, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. Esto está relacionado con Bluetooth. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/700040 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5074 https://bugzilla.redhat.com/show_bug.cgi?id=1459025 • CWE-416: Use After Free •