CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5038 – chromium-browser: use after free in guestview
https://notcve.org/view.php?id=CVE-2017-5038
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. Chrome Apps de Google Chrome versiones anteriores a 57.0.2987.98 para Linux, Windows y Mac, debido a un fallo de uso después de liberación en GuestView, permitiría a un atacante remoto leer la memoria fuera de los límites a través de una extensión de Chrome especialmente diseñada. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/695476 https://security.gentoo.org/glsa/201704-02 https://access.redhat.com/security/cve/CVE-2017-5038 https://bugzilla.redhat.com/show_bug.cgi?id=1431044 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 75%CPEs: 11EXPL: 1CVE-2017-5030 – Google Chromium V8 Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2017-5030
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page. El manejo incorrecto de especies complejas en V8 de Google Chrome anteriores a 57.0.2987.98 para Linux, Windows y Mac y 57.0.2987.108 para Android permitió a un atacante remoto ejecutar código arbitrario a través de una página HTML especialmente diseñada. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony X800G Smart TV. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of arrays in Vewd. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • http://rhn.redhat.com/errata/RHSA-2017-0499.html http://www.debian.org/security/2017/dsa-3810 http://www.securityfocus.com/bid/96767 https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html https://crbug.com/682194 https://security.gentoo.org/glsa/201704-02 https://www.zerodayinitiative.com/advisories/ZDI-20-126 https://access.redhat.com/security/cve/CVE-2017-5030 https://bugzilla.redhat.com/show_bug.cgi?id=1431030 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5027
https://notcve.org/view.php?id=CVE-2017-5027
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. Blink en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android, no pudo aplicar correctamente la política de seguridad de contenido inseguro en línea, lo que permitió a un atacante remoto eludir la política de seguridad de contenido a través de una página HTML manipulada. • https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html https://crbug.com/661126 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5017 – chromium-browser: uninitialised memory access in webm video
https://notcve.org/view.php?id=CVE-2017-5017
Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page. Interacciones con el SO en Google Chrome en versiones anteriores a 56.0.2924.76 para Mac de memoria de vídeo insuficientemente borrada, lo que permitió a un atacante remoto posiblemente extraer fragmentos de imagen en sistemas con chips gráficos GeForce 8600M a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2017-0206.html http://www.debian.org/security/2017/dsa-3776 http://www.securityfocus.com/bid/95792 http://www.securitytracker.com/id/1037718 https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html https://crbug.com/676975 https://security.gentoo.org/glsa/201701-66 https://access.redhat.com/security/cve/CVE-2017-5017 https://bugzilla.redhat.com/show_bug.cgi?id=1416669 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5014 – chromium-browser: heap overflow in skia
https://notcve.org/view.php?id=CVE-2017-5014
Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Desbordamiento de búfer de memoria dinámica durante el procesamiento de imágenes en Skia en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android permitió a un atacante remoto realizar una lectura de memoria fuera de límites a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2017-0206.html http://www.debian.org/security/2017/dsa-3776 http://www.securityfocus.com/bid/95792 http://www.securitytracker.com/id/1037718 https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html https://crbug.com/675332 https://security.gentoo.org/glsa/201701-66 https://access.redhat.com/security/cve/CVE-2017-5014 https://bugzilla.redhat.com/show_bug.cgi?id=1416665 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •