CVE-2017-5045 – chromium-browser: information disclosure in xss auditor
https://notcve.org/view.php?id=CVE-2017-5045
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page. XSS Auditor de Google Chrome versiones anteriores a 57.0.2987.98 para Mac, Windows y Linux y versión 57.0.2987.108 para Android permiten la detección de la carga de un iframe bloqueado lo que permitiría a un atacante remoto conocer los nombre de variable de JavaScript mediante un ataque de fuerza bruta usando una página HTML especialmente diseñada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/667079 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5045 https://bugzilla.redhat.com/show_bug.cgi?id=1431047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-5038 – chromium-browser: use after free in guestview
https://notcve.org/view.php?id=CVE-2017-5038
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. Chrome Apps de Google Chrome versiones anteriores a 57.0.2987.98 para Linux, Windows y Mac, debido a un fallo de uso después de liberación en GuestView, permitiría a un atacante remoto leer la memoria fuera de los límites a través de una extensión de Chrome especialmente diseñada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/695476 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5038 https://bugzilla.redhat.com/show_bug.cgi?id=1431044 • CWE-416: Use After Free •
CVE-2017-5046 – chromium-browser: information disclosure in blink
https://notcve.org/view.php?id=CVE-2017-5046
V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure. V8 de Google Chrome en versiones anteriores a 57.0.2987.98 para Mac, Windows y Linux y versión 57.0.2987.108 para Android tiene una aplicación de política insuficiente lo que permitiría a un atacante remoto falsear el objeto de ubicación a través de una página HTML especialmente diseñada. Relacionada con la revelación de información de Blink. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/680409 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5046 https://bugzilla.redhat.com/show_bug.cgi?id=1431048 •
CVE-2017-5035 – chromium-browser: incorrect security ui in omnibox
https://notcve.org/view.php?id=CVE-2017-5035
Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. En Google Chrome versiones anteriores a 57.0.2987.98 para Windows y Mac, se ocasiona una condición de carrera que podría causar que Chrome muestre información de certificado incorrecta de un sitio. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/688425 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5035 https://bugzilla.redhat.com/show_bug.cgi?id=1431036 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2017-5044 – chromium-browser: heap overflow in skia
https://notcve.org/view.php?id=CVE-2017-5044
Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un desbordamiento de búfer de memoria dinámica (heap) en el proceso de filtrado en Skia de Google Chrome en versiones anteriores 57.0.2987.98 para Mac, Windows y Linux y versión 57.0.2987.108 para Android, permitirían a un atacante remoto realizar una lectura de memoria fuera de límites a través de una página HTML especialmente diseñada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/688987 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5044 https://bugzilla.redhat.com/show_bug.cgi?id=1431046 • CWE-787: Out-of-bounds Write •