CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-5178 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-5178
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 53.0.2785.143 permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos • http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html http://lists.opensuse.org/opensuse-updates/2016-10/msg00001.html http://rhn.redhat.com/errata/RHSA-2016-2007.html http://www.debian.org/security/2016/dsa-3683 http://www.securityfocus.com/bid/93238 http://www.securitytracker.com/id/1036970 https://bugs.chromium.org/p/chromium/issues/detail?id=645028 https://bugs.chromium.org/p/chromium/issues/detail?id=651092 https://bugzilla.redhat.com/show_bug.cgi?id=1380632 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2016-5177 – chromium-browser: use after free in v8
https://notcve.org/view.php?id=CVE-2016-5177
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de linberación en V8 en Google Chrome anterior a la versión 53.0.2785.143, permite a atacantes remotos provocar una denegación de servicio (bloqueo) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html http://lists.opensuse.org/opensuse-updates/2016-10/msg00001.html http://rhn.redhat.com/errata/RHSA-2016-2007.html http://www.debian.org/security/2016/dsa-3683 http://www.securityfocus.com/bid/93238 http://www.securitytracker.com/id/1036970 https://bugzilla.redhat.com/show_bug.cgi?id=1380631 https://chromereleases.googleblog.com/2016/09/stable-channel-update-for-desktop_29.html https://lists.fedoraproject.org/archives/ • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5176 – chromium-browser: SafeBrowsing protection mechanism bypass
https://notcve.org/view.php?id=CVE-2016-5176
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. Google Chrome en versiones anteriores a 53.0.2785.113 permite a atacantes remotos eludir el mecanismo de protección SafeBrowsing a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2016-1905.html http://www.securityfocus.com/bid/93234 https://crbug.com/595838 https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html https://access.redhat.com/security/cve/CVE-2016-5176 https://bugzilla.redhat.com/show_bug.cgi?id=1380331 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-7549 – chromium-browser: DoS via invalid recipient of IPC message
https://notcve.org/view.php?id=CVE-2016-7549
Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message. Google Chrome en versiones anteriores a 53.0.2785.113 no asegura que el destinatario de cierto mensaje IPC es un RenderFrame o RenderWidget válido, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero no válido y caída de aplicación) o tener otro posible impacto no especificado aprovechando el acceso a un proceso de renderización, relacionado con render_frame_host_impl.cc y render_widget_host_impl.cc, como se demuestra por un mensaje Password Manager. • http://rhn.redhat.com/errata/RHSA-2016-1905.html http://www.securityfocus.com/bid/93160 https://codereview.chromium.org/1534933002 https://crbug.com/556351 https://crbug.com/646394 https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html https://access.redhat.com/security/cve/CVE-2016-7549 https://bugzilla.redhat.com/show_bug.cgi?id=1380301 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5174 – chromium-browser: popup not correctly suppressed
https://notcve.org/view.php?id=CVE-2016-5174
browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site. browser/ui/cocoa/browser_wendow_controller_private.mm en Google Chrome en versiones anteriores a 53.0.2785.113 no procesa peticiones de conmutación a pantalla completa durante una transición a pantalla completa, lo que permite a atacantes remotos provocar una denegación de servicio (venta emergente no suprimida) a través de un sitio web manipulado. • http://rhn.redhat.com/errata/RHSA-2016-1905.html http://www.debian.org/security/2016/dsa-3667 http://www.securityfocus.com/bid/92942 http://www.securitytracker.com/id/1036826 https://codereview.chromium.org/2053343003 https://crbug.com/579934 https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html https://security.gentoo.org/glsa/201610-09 https://access.redhat.com/security/cve/CVE-2016-5174 https://bugzilla.redhat.com/show_bug.cgi?id=13758 • CWE-20: Improper Input Validation •