CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5214 – chromium-browser: file download protection bypass
https://notcve.org/view.php?id=CVE-2016-5214
Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page. Google Chrome anterior a 55.0.2883.75 para Windows no maneja adecuadamente archivos descargados, lo que permitió a un atacante remoto impedir que el archivo descargado recibiera la Mark de la Web a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/601538 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5214 https://bugzilla.redhat.com/show_bug.cgi?id=1400864 • CWE-19: Data Processing Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5203 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2016-5203
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Un uso después de liberación de memoria en PDFium en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto explotar potencialmente una corrupción de memoria a través de un archivo PDF manipulado. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/644219 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5203 https://bugzilla.redhat.com/show_bug.cgi?id=1400857 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5223 – chromium-browser: integer overflow in pdfium
https://notcve.org/view.php?id=CVE-2016-5223
Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file. Vulnerabilidad de desbordamiento de entero en PDFium en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto explotar potencialmente la corrupción de memoria o DoS a través de un archivo PDF manipulado. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/652038 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5223 https://bugzilla.redhat.com/show_bug.cgi?id=1400875 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5226 – chromium-browser: limited xss in blink
https://notcve.org/view.php?id=CVE-2016-5226
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. Blink en Google Chrome anterior a 55.0.2883.75 para Linux, Windows y Mac ejecutó javascript: las URLs escritas en la barra de URL en el contexto de la pestaña actual, lo que permitió a un usuario de ingeniería social realizar XSS por si mismos arrastrando y soltando un javascript: URL en la barra de URL. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/639750 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5226 https://bugzilla.redhat.com/show_bug.cgi?id=1400876 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5204 – chromium-browser: universal xss in blink
https://notcve.org/view.php?id=CVE-2016-5204
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. La filtración de un árbol de sombra SVG dando lugar a corrupción del árbol DOM en Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto inyectar secuencias de comandos o HTML arbitrarios (UXSS) a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/630870 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5204 https://bugzilla.redhat.com/show_bug.cgi?id=1400855 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •