CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5207 – chromium-browser: universal xss in blink
https://notcve.org/view.php?id=CVE-2016-5207
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page. En Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android, la corrupción del árbol DOM puede ocurrir durante la eliminación de un elemento de pantalla completa, lo que permitió a un atacante remoto conseguir ejecución de código a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/655904 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5207 https://bugzilla.redhat.com/show_bug.cgi?id=1400852 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5215 – chromium-browser: use after free in webaudio
https://notcve.org/view.php?id=CVE-2016-5215
A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Un uso después de liberación de memoria en webaudio en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto realizar una lectura de la memoria fuera de límites a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/619463 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5215 https://bugzilla.redhat.com/show_bug.cgi?id=1400866 • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5226 – chromium-browser: limited xss in blink
https://notcve.org/view.php?id=CVE-2016-5226
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. Blink en Google Chrome anterior a 55.0.2883.75 para Linux, Windows y Mac ejecutó javascript: las URLs escritas en la barra de URL en el contexto de la pestaña actual, lo que permitió a un usuario de ingeniería social realizar XSS por si mismos arrastrando y soltando un javascript: URL en la barra de URL. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/639750 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5226 https://bugzilla.redhat.com/show_bug.cgi?id=1400876 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5204 – chromium-browser: universal xss in blink
https://notcve.org/view.php?id=CVE-2016-5204
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. La filtración de un árbol de sombra SVG dando lugar a corrupción del árbol DOM en Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto inyectar secuencias de comandos o HTML arbitrarios (UXSS) a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/630870 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5204 https://bugzilla.redhat.com/show_bug.cgi?id=1400855 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9650 – chromium-browser: csp referrer disclosure
https://notcve.org/view.php?id=CVE-2016-9650
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page. Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android maneja iframes incorrectamente, lo que permitió a un atacante remoto eludir una política no referida a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/653034 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-9650 https://bugzilla.redhat.com/show_bug.cgi?id=1400873 • CWE-19: Data Processing Errors •