CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-5065 – chromium-browser: incorrect ui in blink
https://notcve.org/view.php?id=CVE-2017-5065
Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page. La falta de una acción adecuada en la navegación de páginas en Blink en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Windows y Mac, permitía que un atacante remoto pudiese confundir a un usuario para que realizase una decisión en materia de seguridad incorrecta mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/704560 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5065 https://bugzilla.redhat.com/show_bug.cgi?id=1443847 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 16%CPEs: 9EXPL: 0CVE-2017-5059 – Google Chrome List Item Marker Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5059
Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page. Una confusión de tipos en Blink en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Linux, Windows y Mac y a la 58.0.3029.83 para Android, permitía que un atacante remoto pudiese ejecutar código mediante una página HTML manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of list item markers. It's possible to trigger a type confusion condition by manipulating a document's elements. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/684684 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5059 https://bugzilla.redhat.com/show_bug.cgi?id=1443837 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5063 – chromium-browser: heap overflow in skia
https://notcve.org/view.php?id=CVE-2017-5063
A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un desbordamiento numérico en Skia en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Linux, Windows y Mac y a la 58.0.3029.83 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/700836 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5063 https://bugzilla.redhat.com/show_bug.cgi?id=1443841 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-5058 – chromium-browser: heap use after free in print preview
https://notcve.org/view.php?id=CVE-2017-5058
A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Un uso de memoria previamente liberada en PrintPreview en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Windows, permitía que un atacante remoto pudiese realizar un acceso a la memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/694382 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5058 https://bugzilla.redhat.com/show_bug.cgi?id=1443836 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5060 – chromium-browser: url spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5060
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. La falta de mecanismos suficientes para el cumplimiento de políticas en Omnibox en Google Chrome en versiones anteriores a la 58.0.3029.81 para Mac, Windows y Linux y a la 58.0.3029.83 para Android, permitía que un atacante remoto realizase una suplantación de dominio mediante homografías de IDN en un nombre de dominio manipulado. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/683314 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5060 https://bugzilla.redhat.com/show_bug.cgi?id=1443838 • CWE-863: Incorrect Authorization •