CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5199 – chromium-browser: heap corruption in ffmpeg
https://notcve.org/view.php?id=CVE-2016-5199
An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Un error por un paso resultando en una asignación de tamaño cero en FFmpeg en Google Chrome anterior a 54.0.2840.98 para Mac y 54.0.2840.99 para Windows y 54.0.2840.100 para Linux y 55.0.2883.84 para Android permitió a un atacante remoto explotar potencialmente una corrupción de memoria a través de un archivo de vídeo manipulado. • http://rhn.redhat.com/errata/RHSA-2016-2718.html http://www.securityfocus.com/bid/94196 http://www.securitytracker.com/id/1037273 https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html https://crbug.com/643948 https://security.gentoo.org/glsa/201611-16 https://access.redhat.com/security/cve/CVE-2016-5199 https://bugzilla.redhat.com/show_bug.cgi?id=1393731 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 46%CPEs: 10EXPL: 1CVE-2016-5198 – Google Chromium V8 Out-of-Bounds Memory Vulnerability
https://notcve.org/view.php?id=CVE-2016-5198
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page. V8 en Google Chrome anterior a 54.0.2840.90 para Linux y 54.0.2840.85 para Android y 54.0.2840.87 para Windows y Mac incluyeron asunciones de optimización incorrectas, lo que permitió a un atacante remoto realizar operaciones de lectura/escritura arbitrarias, conduciendo a la ejecución de código, a través de una página HTML manipulada. Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • http://rhn.redhat.com/errata/RHSA-2016-2672.html http://www.securityfocus.com/bid/94079 http://www.securitytracker.com/id/1037224 https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html https://crbug.com/659475 https://access.redhat.com/security/cve/CVE-2016-5198 https://bugzilla.redhat.com/show_bug.cgi?id=1391356 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5191 – chromium-browser: universal xss in bookmarks
https://notcve.org/view.php?id=CVE-2016-5191
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL. El manejo de etiquetas en Google Chrome en versiones previas a 54.0.2840.59 para Windows, Mac y Linux; 54.0.2840.85 para Android tiene una validación insuficiente de los datos suministrados, lo que permite a un atacante remoto inyectar secuencias de comandos o HTML (UXSS) arbitrarias a través de páginas HTML manipuladas, según lo demostrado por un conflicto de interpretación entre userinfo y esquema en una URL http://javascript:payload@example.com. • http://rhn.redhat.com/errata/RHSA-2016-2067.html http://www.securityfocus.com/bid/93528 https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html https://codereview.chromium.org/2411473002 https://crbug.com/639126 https://security.gentoo.org/glsa/201610-09 https://access.redhat.com/security/cve/CVE-2016-5191 https://bugzilla.redhat.com/show_bug.cgi?id=1384361 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5192 – chromium-browser: cross-origin bypass in blink
https://notcve.org/view.php?id=CVE-2016-5192
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. Blink en Google Chrome en versiones previas a 54.0.2840.59 para Windows falla una comprobación CORS en redirect en TextTrackLoader, lo que permite a un atacante remoto eludir restricciones de origen cruzado a través de páginas HTML manipuladas. • http://rhn.redhat.com/errata/RHSA-2016-2067.html http://www.securityfocus.com/bid/93528 https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html https://crbug.com/633885 https://security.gentoo.org/glsa/201610-09 https://access.redhat.com/security/cve/CVE-2016-5192 https://bugzilla.redhat.com/show_bug.cgi?id=1384357 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5187 – chromium-browser: url spoofing
https://notcve.org/view.php?id=CVE-2016-5187
Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. Google Chrome en versiones previas a 54.0.2840.85 para Android maneja incorrectamente transición rápida de entrada y salida del modo de pantalla completa, lo que permite a un atacante remoto suplantar los contenidos de la Omnibox (barra de URL) a través de páginas HTML manipuladas. • http://rhn.redhat.com/errata/RHSA-2016-2067.html http://www.securityfocus.com/bid/93528 https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html https://crbug.com/639702 https://security.gentoo.org/glsa/201610-09 https://access.redhat.com/security/cve/CVE-2016-5187 https://bugzilla.redhat.com/show_bug.cgi?id=1384354 • CWE-20: Improper Input Validation •