CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5026 – chromium-browser: ui spoofing
https://notcve.org/view.php?id=CVE-2017-5026
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page. Google Chrome anterior a 56.0.2924.76 para Linux, Windows y Mac, no pudo evitar que las alertas se muestren mediante marcos intercambiados, lo que permitió a un atacante remoto mostrar alertas en una página que no controla a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2017-0206.html http://www.debian.org/security/2017/dsa-3776 http://www.securityfocus.com/bid/95792 http://www.securitytracker.com/id/1037718 https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html https://crbug.com/634108 https://security.gentoo.org/glsa/201701-66 https://access.redhat.com/security/cve/CVE-2017-5026 https://bugzilla.redhat.com/show_bug.cgi?id=1416677 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5023 – chromium-browser: type confusion in metrics
https://notcve.org/view.php?id=CVE-2017-5023
Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page. Tipo de confusión en el histograma en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac, y 56.0.2924.87 para Android, permitió a un atacante remoto potencialmente explotar una desreferencia casi nula a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2017-0206.html http://www.debian.org/security/2017/dsa-3776 http://www.securityfocus.com/bid/95792 http://www.securitytracker.com/id/1037718 https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html https://crbug.com/651443 https://security.gentoo.org/glsa/201701-66 https://access.redhat.com/security/cve/CVE-2017-5023 https://bugzilla.redhat.com/show_bug.cgi?id=1416674 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5024 – chromium-browser: heap overflow in ffmpeg
https://notcve.org/view.php?id=CVE-2017-5024
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. FFmpeg en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac, falló en realizar la comprobación de los límites adecuados, lo que permitió a un atacante remoto potencialmente explotar la corrupción de la memoria dinámica a través de un archivo de vídeo manipulado. • http://rhn.redhat.com/errata/RHSA-2017-0206.html http://www.debian.org/security/2017/dsa-3776 http://www.securityfocus.com/bid/95792 http://www.securitytracker.com/id/1037718 https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html https://crbug.com/643951 https://security.gentoo.org/glsa/201701-66 https://security.gentoo.org/glsa/201705-05 https://access.redhat.com/security/cve/CVE-2017-5024 https://bugzilla.redhat.com/show_bug.cgi?id=1416675 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5025 – chromium-browser: heap overflow in ffmpeg
https://notcve.org/view.php?id=CVE-2017-5025
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. FFmpeg en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac, falló en realizar la comprobación de los límites adecuados, lo que permitió a un atacante remoto potencialmente explotar la corrupción de la memoria dinámica a través de un archivo de vídeo manipulado. • http://rhn.redhat.com/errata/RHSA-2017-0206.html http://www.debian.org/security/2017/dsa-3776 http://www.securityfocus.com/bid/95792 http://www.securitytracker.com/id/1037718 https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html https://crbug.com/643950 https://security.gentoo.org/glsa/201701-66 https://security.gentoo.org/glsa/201705-05 https://access.redhat.com/security/cve/CVE-2017-5025 https://bugzilla.redhat.com/show_bug.cgi?id=1416676 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5019 – chromium-browser: use after free in renderer
https://notcve.org/view.php?id=CVE-2017-5019
A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Liberación de memoria en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac, y 56.0.2924.87 para Android, permitió a un atacante remoto potencialmente explotar la corrupción de memoria dinámica a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2017-0206.html http://www.debian.org/security/2017/dsa-3776 http://www.securityfocus.com/bid/95792 http://www.securitytracker.com/id/1037718 https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html https://crbug.com/666714 https://security.gentoo.org/glsa/201701-66 https://access.redhat.com/security/cve/CVE-2017-5019 https://bugzilla.redhat.com/show_bug.cgi?id=1416667 • CWE-416: Use After Free •