CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5083 – chromium-browser: ui spoofing in blink
https://notcve.org/view.php?id=CVE-2017-5083
Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. Una implementación incorrecta en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Mac, Windows y Linux y a la 59.0.3071.92 para Android, permitía que un atacante remoto mostrase la interfaz de usuario en una pestaña no controlada por el atacante mediante una página HTML manipulada. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/714849 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5083 https://bugzilla.redhat.com/show_bug.cgi?id=1459036 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5072 – chromium-browser: address spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5072
Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain spoofing with RTL characters via a crafted URL page. Una implementación inapropiada en Omnibox en Google Chrome, en versiones anteriores a la 59.0.3071.92 para Android, permitía que un atacante remoto realizase una suplantación de dominio con caracteres RTL mediante una página URL manipulada. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/709417 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5072 https://bugzilla.redhat.com/show_bug.cgi?id=1459023 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-5068 – chromium-browser: race condition in webrtc
https://notcve.org/view.php?id=CVE-2017-5068
Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. Una gestión incorrecta del ID de imagen en WebRTC en Google Chrome, en versiones anteriores a la 58.0.3029.96 para Mac, Windows y Linux, permitía que un atacante remoto desencadenase una condición de carrera mediante una página HTML manipulada. • http://www.securityfocus.com/bid/98288 https://access.redhat.com/errata/RHSA-2017:1228 https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html https://crbug.com/679306 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5068 https://bugzilla.redhat.com/show_bug.cgi?id=1448031 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5069 – chromium-browser: cross-origin bypass in blink
https://notcve.org/view.php?id=CVE-2017-5069
Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page. Un tipo MIME incorrecto de informes XSS-Protection en Blink en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Linux, Windows y Mac y a la 58.0.3029.83 para Android, permitía que un atacante remoto sortease las comprobaciones Cross-Origin Resource Sharing mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/691726 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5069 https://bugzilla.redhat.com/show_bug.cgi?id=1443850 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5063 – chromium-browser: heap overflow in skia
https://notcve.org/view.php?id=CVE-2017-5063
A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un desbordamiento numérico en Skia en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Linux, Windows y Mac y a la 58.0.3029.83 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/700836 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5063 https://bugzilla.redhat.com/show_bug.cgi?id=1443841 • CWE-190: Integer Overflow or Wraparound •