CVE-2017-5037 – chromium-browser: multiple out of bounds writes in chunkdemuxer
https://notcve.org/view.php?id=CVE-2017-5037
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. Un desbordamiento de entero en FFmpeg de Google Chrome versiones anteriores a 57.0.2987.98 para Mac, Windows, y Linux y versión 57.0.2987.108 para Android permitiría a un atacante remoto escribir fuera de los límites de memoria a través de un archivo de vídeo especialmente diseñado. Relacionado con ChunkDemuxer. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/679640 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5037 https://bugzilla.redhat.com/show_bug.cgi?id=1431038 • CWE-190: Integer Overflow or Wraparound •
CVE-2017-5043 – chromium-browser: use after free in guestview
https://notcve.org/view.php?id=CVE-2017-5043
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. Chrome Apps de Google Chrome versiones anteriores a 57.0.2987.98 para Linux, Windows y Mac, debido a un fallo de uso después de liberación en GuestView, permitiría a un atacante remoto leer la memoria fuera de los límites a través de una extensión de Chrome especialmente diseñada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/683523 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5043 https://bugzilla.redhat.com/show_bug.cgi?id=1431045 • CWE-416: Use After Free •
CVE-2017-5030 – Google Chromium V8 Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2017-5030
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page. El manejo incorrecto de especies complejas en V8 de Google Chrome anteriores a 57.0.2987.98 para Linux, Windows y Mac y 57.0.2987.108 para Android permitió a un atacante remoto ejecutar código arbitrario a través de una página HTML especialmente diseñada. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony X800G Smart TV. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of arrays in Vewd. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/682194 https://security.gentoo.org/glsa/201704-02 https://www.zerodayinitiative.com/advisories/ZDI-20-126 https://access.redhat.com/security/cve/CVE-2017-5030 https://bugzilla.redhat.com/show_bug.cgi?id=1431030 • CWE-125: Out-of-bounds Read •
CVE-2017-5029 – chromium-browser: integer overflow in libxslt
https://notcve.org/view.php?id=CVE-2017-5029
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. La función xsltAddTextString en transform.c en libxslt 1.1.29, tal como se utiliza en Blink en Google Chrome anteriores a 57.0.2987.98 para Mac, Windows y Linux y 57.0.2987.108 para Android, carecía de una comprobación de desbordamiento de entero durante un cálculo de tamaño, lo que permite a un atacante remoto realizar una escritura de memoria fuera de límites a través de una página HTML diseñada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 http://www.securitytracker.com/id/1038157 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/676623 https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5 https://access.redhat.com/security/cve/CVE-2017-5029 https://bugzilla.redhat.com/show_bug.cgi?id=1431033 • CWE-787: Out-of-bounds Write •
CVE-2017-5041 – chromium-browser: address spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5041
Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page. Google Chrome versiones anteriores a 57.0.2987.100 gestiona incorrectamente las acciones ir adelante/atrás en la navegación lo que permitiría a un atacante remoto mostrar información incorrecta de un sitio a través de una página HTML especialmente diseñada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/642490 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5041 https://bugzilla.redhat.com/show_bug.cgi?id=1431041 • CWE-20: Improper Input Validation •