CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5225 – chromium-browser: csp bypass in blink
https://notcve.org/view.php?id=CVE-2016-5225
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page. Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android manejó incorrectamente acciones de formularios, lo que permitió a un atacante remoto eludir la Content Security Policy a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/630332 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5225 https://bugzilla.redhat.com/show_bug.cgi?id=1400877 • CWE-19: Data Processing Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5226 – chromium-browser: limited xss in blink
https://notcve.org/view.php?id=CVE-2016-5226
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. Blink en Google Chrome anterior a 55.0.2883.75 para Linux, Windows y Mac ejecutó javascript: las URLs escritas en la barra de URL en el contexto de la pestaña actual, lo que permitió a un usuario de ingeniería social realizar XSS por si mismos arrastrando y soltando un javascript: URL en la barra de URL. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/639750 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-5226 https://bugzilla.redhat.com/show_bug.cgi?id=1400876 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9650 – chromium-browser: csp referrer disclosure
https://notcve.org/view.php?id=CVE-2016-9650
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page. Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android maneja iframes incorrectamente, lo que permitió a un atacante remoto eludir una política no referida a través de una página HTML manipulada. • http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/653034 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-9650 https://bugzilla.redhat.com/show_bug.cgi?id=1400873 • CWE-19: Data Processing Errors •
CVSS: 8.8EPSS: 23%CPEs: 4EXPL: 1CVE-2016-9651 – Google Chrome - V8 Private Property Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2016-9651
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. La falta de una comprobación para detectar si la propiedad de un objeto JS es privado en V8 de Google Chome, en versiones anteriores a la 55.0.2883.75, permitió que un atacante remoto ejecutara código arbitrario en un sandbox mediante una página HTML manipulada. • https://www.exploit-db.com/exploits/42175 http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.securityfocus.com/bid/94633 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://crbug.com/664411 https://security.gentoo.org/glsa/201612-11 https://access.redhat.com/security/cve/CVE-2016-9651 https://bugzilla.redhat.com/show_bug.cgi?id=1400850 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9652 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-9652
Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75. múltiples vulnerabilidades no especificadas en Google Chrome anterior a la versión 55,0,2883,75 • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00042.html http://rhn.redhat.com/errata/RHSA-2016-2919.html http://www.debian.org/security/2016/dsa-3731 http://www.securityfocus.com/bid/94633 http://www.ubuntu.com/usn/USN-3153-1 https://bugs.chromium.org/p/chromium/issues/detail?id=669928 https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html https://lists. •