CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2017-5081 – chromium-browser: extension verification bypass
https://notcve.org/view.php?id=CVE-2017-5081
Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files. Una falta de verificación de la carpeta locale de una extensión en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Mac, Windows y Linux y a la 59.0.3071.92 para Android, permitía que un atacante con acceso de escritura local modificase extensiones mediante la modificación de archivos de extensión. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/672008 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5081 https://bugzilla.redhat.com/show_bug.cgi?id=1459034 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5083 – chromium-browser: ui spoofing in blink
https://notcve.org/view.php?id=CVE-2017-5083
Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. Una implementación incorrecta en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Mac, Windows y Linux y a la 59.0.3071.92 para Android, permitía que un atacante remoto mostrase la interfaz de usuario en una pestaña no controlada por el atacante mediante una página HTML manipulada. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/714849 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5083 https://bugzilla.redhat.com/show_bug.cgi?id=1459036 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5073 – chromium-browser: use after free in print preview
https://notcve.org/view.php?id=CVE-2017-5073
Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en la vista previa de impresión en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Linux, Windows y Mac y a la 59.0.3071.92 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/716474 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5073 https://bugzilla.redhat.com/show_bug.cgi?id=1459024 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-5074 – chromium-browser: use after free in apps bluetooth
https://notcve.org/view.php?id=CVE-2017-5074
A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, related to Bluetooth. Un uso de memoria previamente liberada en Chrome Apps en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Windows, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. Esto está relacionado con Bluetooth. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/700040 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5074 https://bugzilla.redhat.com/show_bug.cgi?id=1459025 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5082 – chromium-browser: insufficient hardening in credit card editor
https://notcve.org/view.php?id=CVE-2017-5082
Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page. Un fallo a la hora de aprovechar las mitigaciones disponibles en el autocompletado de tarjeta de crédito en Google Chrome, en versiones anteriores a la 59.0.3071.92 para Android, permitía que un atacante local realizase capturas de pantalla de linformación de tarjetas de crédito mediante una página HTML manipulada. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/721579 https://security.gentoo.org/glsa/201706-20 https://wwws.nightwatchcybersecurity.com/2017/07/27/chrome-for-android-didnt-use-flag_secure-for-credit-card-prefill-settings-cve-2017-5082 https://access.redhat.com/security/cve/CVE-2017-5082 https://bugzilla • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •