CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5207 – chromium-browser: universal xss in blink
https://notcve.org/view.php?id=CVE-2016-5207
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page. En Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android, la corrupción del árbol DOM puede ocurrir durante la eliminación de un elemento de pantalla completa, lo que permitió a un atacante remoto conseguir ejecución de código a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/655904 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5207 https://bugzilla.redhat.com/show_bug.cgi?id=1400852 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5221 – chromium-browser: integer overflow in angle
https://notcve.org/view.php?id=CVE-2016-5221
Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page. Confusión de tipo en libGLESv2 en ANGLE en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android posiblemente permitió a un atacante remoto eludir la validación del búfer a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/660854 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5221 https://bugzilla.redhat.com/show_bug.cgi?id=1400870 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5224 – chromium-browser: same-origin bypass in svg
https://notcve.org/view.php?id=CVE-2016-5224
A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. Un ataque de tiempo en aritmética de punto flotante desnormalizada en filtros SVG en Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante eludir la Same Origin Policy a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/615851 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5224 https://bugzilla.redhat.com/show_bug.cgi?id=1400878 • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5225 – chromium-browser: csp bypass in blink
https://notcve.org/view.php?id=CVE-2016-5225
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page. Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android manejó incorrectamente acciones de formularios, lo que permitió a un atacante remoto eludir la Content Security Policy a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/630332 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5225 https://bugzilla.redhat.com/show_bug.cgi?id=1400877 • CWE-19: Data Processing Errors •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9650 – chromium-browser: csp referrer disclosure
https://notcve.org/view.php?id=CVE-2016-9650
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page. Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android maneja iframes incorrectamente, lo que permitió a un atacante remoto eludir una política no referida a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/653034 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-9650 https://bugzilla.redhat.com/show_bug.cgi?id=1400873 • CWE-19: Data Processing Errors •