CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-5049
https://notcve.org/view.php?id=CVE-2017-5049
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. Un desbordamiento de entero en FFmpeg de Google Chrome versiones anteriores a 57.0.2987.98 para Mac, Windows, y Linux y versión 57.0.2987.108 para Android permitiría a un atacante remoto escribir fuera de los límites de memoria a través de un archivo de vídeo especialmente diseñado. Relacionado con ChunkDemuxer. • https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/679646 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-5050
https://notcve.org/view.php?id=CVE-2017-5050
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. Un desbordamiento de entero en FFmpeg de Google Chrome versiones anteriores a 57.0.2987.98 para Mac, Windows, y Linux y versión 57.0.2987.108 para Android permitiría a un atacante remoto escribir fuera de los límites de memoria a través de un archivo de vídeo especialmente diseñado. Relacionado con ChunkDemuxer. • https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/679645 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5168
https://notcve.org/view.php?id=CVE-2016-5168
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information. Skia, tal como se usa en Google Chrome en versiones anteriores a 50.0.2661.94, permite a atacantes remotos eludir la Same Origin Policy y obtener la información sensible. • http://www.securityfocus.com/bid/89106 https://bugs.chromium.org/p/chromium/issues/detail?id=586820 https://chromereleases.googleblog.com/2016/04/stable-channel-update_28.html https://www.contextis.com//documents/2/Browser_Timing_Attacks.pdf • CWE-346: Origin Validation Error •
CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5055 – chromium-browser: use after free in printing
https://notcve.org/view.php?id=CVE-2017-5055
A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso de memoria previamente liberada en printing en Google Chrome, en versiones anteriores a la 57.0.2987.133 para Linux y Windows, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97221 https://access.redhat.com/errata/RHSA-2017:0860 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html https://crbug.com/698622 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5055 https://bugzilla.redhat.com/show_bug.cgi?id=1437348 • CWE-125: Out-of-bounds Read CWE-416: Use After Free •
CVSS: 9.6EPSS: 41%CPEs: 9EXPL: 0CVE-2017-5053 – Google Chrome Array indexOf Out-Of-Bounds Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5053
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf. Una lectura fuera de límites en V8 en Google Chrome, en versiones anteriores a la 57.0.2987.133 para Linux, Windows y Mac y a la 57.0.2987.132 para Android, permitía que un atacante remoto ejecutase código arbitrario en un espacio aislado o sandbox mediante una página HTML manipulada. Esto está relacionado con Array.prototype.indexOf. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Array.prototype.indexOf method. • http://www.securityfocus.com/bid/97220 http://zerodayinitiative.com/advisories/ZDI-17-462 https://access.redhat.com/errata/RHSA-2017:0860 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html https://crbug.com/702058 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5053 https://bugzilla.redhat.com/show_bug.cgi?id=1437353 • CWE-125: Out-of-bounds Read •