CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5083 – chromium-browser: ui spoofing in blink
https://notcve.org/view.php?id=CVE-2017-5083
Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. Una implementación incorrecta en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Mac, Windows y Linux y a la 59.0.3071.92 para Android, permitía que un atacante remoto mostrase la interfaz de usuario en una pestaña no controlada por el atacante mediante una página HTML manipulada. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/714849 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5083 https://bugzilla.redhat.com/show_bug.cgi?id=1459036 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5073 – chromium-browser: use after free in print preview
https://notcve.org/view.php?id=CVE-2017-5073
Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en la vista previa de impresión en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Linux, Windows y Mac y a la 59.0.3071.92 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/716474 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5073 https://bugzilla.redhat.com/show_bug.cgi?id=1459024 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5075 – chromium-browser: information leak in csp reporting
https://notcve.org/view.php?id=CVE-2017-5075
Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page. Una implementación inapropiada en la creación de informes de CSP en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Linux, Windows y Mac y a la 59.0.3071.92 para Android, permitía que un atacante remoto obtuviese el valor de fragmentos de URL mediante una página HTML manipulada. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/678776 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5075 https://bugzilla.redhat.com/show_bug.cgi?id=1459027 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-5080 – chromium-browser: use after free in credit card autofill
https://notcve.org/view.php?id=CVE-2017-5080
A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en el autocompletado de tarjeta de crédito en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Linux y Windows, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/708819 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5080 https://bugzilla.redhat.com/show_bug.cgi?id=1459033 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-5086 – chromium-browser: address spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5086
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. La falta de mecanismos suficientes para el cumplimiento de políticas en Omnibox en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Windows y Mac, permitía que un atacante remoto realizase una suplantación de dominio mediante homografías de IDN en un nombre de dominio manipulado. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/722639 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5086 https://bugzilla.redhat.com/show_bug.cgi?id=1459028 • CWE-20: Improper Input Validation •