CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5041 – chromium-browser: address spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5041
Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page. Google Chrome versiones anteriores a 57.0.2987.100 gestiona incorrectamente las acciones ir adelante/atrás en la navegación lo que permitiría a un atacante remoto mostrar información incorrecta de un sitio a través de una página HTML especialmente diseñada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/642490 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5041 https://bugzilla.redhat.com/show_bug.cgi?id=1431041 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2017-5036 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2017-5036
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file. Un uso después de liberación en PDFium de Google Chrome versiones anteriores a 57.0.2987.98 para Mac, Windows y Linux y versión 57.0.2987.108 para Android, permitiría a un usuario remoto provocar un impacto indefinido a través de un archivo PDF especialmente diseñado. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/691371 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5036 https://bugzilla.redhat.com/show_bug.cgi?id=1431037 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-5032 – chromium-browser: out of bounds write in pdfium
https://notcve.org/view.php?id=CVE-2017-5032
PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. PDFium en Google Chrome anteriores a 57.0.2987.98 para Windows podría incrementar del final de un búfer, lo que permite a un atacante remoto realizar corrupción de pila heap a través de un archivo PDF especialmente elaborado. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/668724 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5032 https://bugzilla.redhat.com/show_bug.cgi?id=1431032 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-5035 – chromium-browser: incorrect security ui in omnibox
https://notcve.org/view.php?id=CVE-2017-5035
Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. En Google Chrome versiones anteriores a 57.0.2987.98 para Windows y Mac, se ocasiona una condición de carrera que podría causar que Chrome muestre información de certificado incorrecta de un sitio. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/688425 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5035 https://bugzilla.redhat.com/show_bug.cgi?id=1431036 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-5031 – chromium-browser: use after free in angle
https://notcve.org/view.php?id=CVE-2017-5031
A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso después de su liberación de ANGLE en Google Chrome anteriores a 57.0.2987.98 para Windows permitió a un atacante remoto realizar una lectura de memoria fuera de límites a través de una página HTML diseñada especialmente. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 http://www.securityfocus.com/bid/98326 https://bugzilla.mozilla.org/show_bug.cgi?id=1328762 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/682020 https://security.gentoo.org/glsa/201704-02 https://www.mozilla.org/security/advisories/mfsa2017-14 https://access.redhat.com/security/cve/CVE&# • CWE-416: Use After Free •