CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5161 – Google Chrome StylePropertySerializer Type Confusion Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-5161
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class. La función EditingStyle::mergeStyle en WebKit/Source/core/editing/EditingStyle.cpp en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en versiones anteriores a 53.0.2785.92 en Linux, maneja incorrectamente propiedades del cliente, lo cual permite a atacantes remotos provocar una denegación de servicio o tener otro posible impacto no especificado a través de un sitio web manipulado que aprovecha "tipo de confusión" en la clase StylePropertySerializer. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the StylePropertySerializer class. By manipulating a document's elements an attacker can trigger a type confusion condition. • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html http://rhn.redhat.com/errata/RHSA-2016-1854.html http://www.debian.org/security/2016/dsa-3660 http://www.securityfocus.com/bid/92717 http://www.securitytracker.com/id/1036729 http://zerodayinitiative.com • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2016-5140 – chromium-browser: Heap overflow in pdfium
https://notcve.org/view.php?id=CVE-2016-5140
Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data. Desbordamiento de búfer basado en memoria dinámica en la función opj_j2k_read_SQcd_SQcc en j2k.c in OpenJPEG, como se usa en PDFium en Google Chrome en versiones anteriores a 52.0.2743.116, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de datos JPEG 2000 manipulados. • http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html http://rhn.redhat.com/errata/RHSA-2016-1580.html http://www.debian.org/security/2016/dsa-3645 http://www.securityfocus.com/bid/92276 http://www.securitytracker.com/id/1036547 https://codereview.chromium.org/2071773002 https://crbug.com/619405 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5141 – chromium-browser: Address bar spoofing
https://notcve.org/view.php?id=CVE-2016-5141
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp. Blink, como se usa en Google Chrome en versiones anteriores a 52.0.2743.116, permite a atacantes remotos suplantar la barra de direcciones a través de vectores involucrando una URL provisional para un documento inicialmente vació, relacionado con FrameLoader.cpp y ScopedPageLoadDeferrer.cpp. • http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html http://rhn.redhat.com/errata/RHSA-2016-1580.html http://www.debian.org/security/2016/dsa-3645 http://www.securityfocus.com/bid/92276 http://www.securitytracker.com/id/1036547 https://codereview.chromium.org/2171063002 https://crbug.com/629542 https:// • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5142 – chromium-browser: Use-after-free in Blink
https://notcve.org/view.php?id=CVE-2016-5142
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp. La implementación Web Cryptography API (también conocido como WebCrypto) en Blink, como se usa en Google Chrome en versiones anteriores a 52.0.2743.116, no copia adecuadamente búfers de datos, lo que permite a atacantes remotos provocar una denegación de servicio (uso después de liberación) o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado, relacionado con NormalizeAlgorithm.cpp y SubtleCrypto.cpp. • http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html http://rhn.redhat.com/errata/RHSA-2016-1580.html http://www.debian.org/security/2016/dsa-3645 http://www.securityfocus.com/bid/92276 http://www.securitytracker.com/id/1036547 https://codereview.chromium.org/2141843002 https://crbug.com/626948 https:// • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5144 – chromium-browser: Parameter sanitization failure in DevTools
https://notcve.org/view.php?id=CVE-2016-5144
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143. El subsistema Developer Tools (también conocido como DevTools) en Blink, como se usa en Google Chrome en versiones anteriores a 52.0.2743.116, no maneja correctamente el nombre de host de la ruta de escritura, el parámetro remoteBase y el parámetro remoteFrontendUrl, lo que permite a atacantes remotos eludir restricciones de acceso intencionadas a través de URL manipulada, una vulnerabilidad diferente a CVE-2016-5143. • http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html http://rhn.redhat.com/errata/RHSA-2016-1580.html http://www.debian.org/security/2016/dsa-3645 http://www.securityfocus.com/bid/92276 http://www.securitytracker.com/id/1036547 https://codereview.chromium.org/2065823004 https://crbug.com/618333 https:// • CWE-284: Improper Access Control •