CVE-2017-5079 – chromium-browser: ui spoofing in blink
https://notcve.org/view.php?id=CVE-2017-5079
Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. Una implementación inapropiada en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.86 para Mac, Windows y Linux y a la 59.0.3071.92 para Android, permitía que un atacante remoto mostrase la interfaz de usuario en una pestaña no controlada por el atacante mediante una página HTML manipulada. • http://www.securityfocus.com/bid/98861 http://www.securitytracker.com/id/1038622 https://access.redhat.com/errata/RHSA-2017:1399 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html https://crbug.com/713686 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5079 https://bugzilla.redhat.com/show_bug.cgi?id=1459032 • CWE-20: Improper Input Validation •
CVE-2017-5068 – chromium-browser: race condition in webrtc
https://notcve.org/view.php?id=CVE-2017-5068
Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. Una gestión incorrecta del ID de imagen en WebRTC en Google Chrome, en versiones anteriores a la 58.0.3029.96 para Mac, Windows y Linux, permitía que un atacante remoto desencadenase una condición de carrera mediante una página HTML manipulada. • http://www.securityfocus.com/bid/98288 https://access.redhat.com/errata/RHSA-2017:1228 https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html https://crbug.com/679306 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5068 https://bugzilla.redhat.com/show_bug.cgi?id=1448031 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2017-5061 – chromium-browser: url spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5061
A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Una condición de carrera en navigation en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Linux, Windows y Mac, permitía que un atacante remoto suplantase el contenido de la Omnibox (barra de direcciones) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/672847 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5061 https://bugzilla.redhat.com/show_bug.cgi?id=1443839 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2017-5057 – chromium-browser: type confusion in pdfium
https://notcve.org/view.php?id=CVE-2017-5057
Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. Verificaciones insuficientes de consistencia en la manipulación de firmas en la pila de red en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Mac, Windows y Linux y a la 58.0.3029.83 para Android, permitían que un atacante remoto aceptase un certificado X.509 mal formado mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/695826 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5057 https://bugzilla.redhat.com/show_bug.cgi?id=1443835 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2017-5065 – chromium-browser: incorrect ui in blink
https://notcve.org/view.php?id=CVE-2017-5065
Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page. La falta de una acción adecuada en la navegación de páginas en Blink en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Windows y Mac, permitía que un atacante remoto pudiese confundir a un usuario para que realizase una decisión en materia de seguridad incorrecta mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/704560 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5065 https://bugzilla.redhat.com/show_bug.cgi?id=1443847 • CWE-20: Improper Input Validation •