CVE-2016-5161 – Google Chrome StylePropertySerializer Type Confusion Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-5161
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the StylePropertySerializer class. By manipulating a document's elements an attacker can trigger a type confusion condition.
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html
• http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html
• http://rhn.redhat.com/errata/RHSA-2016-1854.html
• http://www.debian.org/security/2016/dsa-3660
• http://www.securityfocus.com/bid/92717
• http://www.securitytracker.com/id/1036729
• http://zerodayinitiative.com
• CWE-704: Incorrect Type Conversion or Cast
CVE-2016-5145 – chromium-browser: Same origin bypass for images in Blink
https://notcve.org/view.php?id=CVE-2016-5145
Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property (the origin-clean flag that gates canvas pixel readback) is preserved after a structured-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
• http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html
• http://rhn.redhat.com/errata/RHSA-2016-1580.html
• http://www.securityfocus.com/bid/92276
• http://www.securitytracker.com/id/1036547
• https://codereview.chromium.org/2096313002
• https://codereview.chromium.org/2097393002
• https://codereview.chromium.org/2178513002
• https:/
• CWE-254: 7PK - Security Features
CVE-2016-5140 – chromium-browser: Heap overflow in pdfium
https://notcve.org/view.php?id=CVE-2016-5140
Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.
• http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html
• http://rhn.redhat.com/errata/RHSA-2016-1580.html
• http://www.debian.org/security/2016/dsa-3645
• http://www.securityfocus.com/bid/92276
• http://www.securitytracker.com/id/1036547
• https://codereview.chromium.org/2071773002
• https://crbug.com/619405
• https://
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5143 – chromium-browser: Parameter sanitization failure in DevTools
https://notcve.org/view.php?id=CVE-2016-5143
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, the remoteBase parameter, and the remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL. This is a different vulnerability than CVE-2016-5144.
• http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html
• http://rhn.redhat.com/errata/RHSA-2016-1580.html
• http://www.debian.org/security/2016/dsa-3645
• http://www.securityfocus.com/bid/92276
• http://www.securitytracker.com/id/1036547
• https://codereview.chromium.org/2065823004
• https://crbug.com/619414
• https://
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-5142 – chromium-browser: Use-after-free in Blink
https://notcve.org/view.php?id=CVE-2016-5142
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.
• http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00006.html
• http://rhn.redhat.com/errata/RHSA-2016-1580.html
• http://www.debian.org/security/2016/dsa-3645
• http://www.securityfocus.com/bid/92276
• http://www.securitytracker.com/id/1036547
• https://codereview.chromium.org/2141843002
• https://crbug.com/626948
• https://
• CWE-416: Use After Free
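The one check that applies to every entry above is whether an installed Chrome build predates the fix. The fixed builds differ per CVE, and for CVE-2016-5161 per platform (53.0.2785.89 on Windows and OS X, 53.0.2785.92 on Linux), and Chrome's four-part build numbers must be compared numerically, not as strings ("52.0.2743.82" sorts after "52.0.2743.116" lexically). The following is an added example, not code from notcve.org, Google, or any of the advisories linked above; the thresholds are taken from the entries on this page, while the platform keys ("windows", "darwin", "linux"), the function names, and the use of `google-chrome --version` to read the local build are this example's own assumptions.

```python
"""Affected-build check for the Chrome CVEs listed on this page (added example)."""
from __future__ import annotations

import re
import subprocess
import sys

# First fixed build per CVE, copied from the advisory text above.
# A plain string applies to all desktop platforms; a dict is keyed by the
# platform labels used in this example ("windows", "darwin" for OS X, "linux").
FIXED_IN: dict[str, str | dict[str, str]] = {
    "CVE-2016-5161": {
        "windows": "53.0.2785.89",
        "darwin": "53.0.2785.89",
        "linux": "53.0.2785.92",
    },
    "CVE-2016-5145": "52.0.2743.116",
    "CVE-2016-5140": "52.0.2743.116",
    "CVE-2016-5143": "52.0.2743.116",
    "CVE-2016-5142": "52.0.2743.116",
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int, int]:
    """Pull a four-part Chrome build number out of text such as
    'Google Chrome 52.0.2743.116' or 'Chromium 53.0.2785.92'.
    Returning ints makes '<' compare the build numerically."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Chrome build number found in {text!r}")
    major, minor, build, patch = (int(part) for part in match.groups())
    return (major, minor, build, patch)


def fixed_version_for(cve: str, platform: str) -> tuple[int, int, int, int]:
    """First fixed build for `cve` on `platform`, resolving per-platform entries."""
    spec = FIXED_IN[cve]
    if isinstance(spec, dict):
        if platform not in spec:
            raise ValueError(f"no fixed build recorded for {cve} on {platform!r}")
        spec = spec[platform]
    return parse_version(spec)


def unpatched_cves(version_text: str, platform: str) -> list[str]:
    """CVEs from this page whose fix is newer than the installed build."""
    installed = parse_version(version_text)
    return [
        cve for cve in FIXED_IN
        if installed < fixed_version_for(cve, platform)
    ]


def local_platform() -> str:
    """Map sys.platform onto the platform labels used in FIXED_IN."""
    if sys.platform.startswith("linux"):
        return "linux"
    if sys.platform == "darwin":
        return "darwin"
    return "windows"


def installed_chrome_version(binary: str = "google-chrome") -> str:
    """Ask the local binary for its version line (assumption: a Linux/OS X
    binary that honours --version; on Windows read the executable's file
    version instead, since chrome.exe prints nothing for this flag)."""
    result = subprocess.run(
        [binary, "--version"], capture_output=True, text=True, check=True
    )
    return result.stdout.strip()


if __name__ == "__main__":
    # Accept a version string on the command line so the check can be run
    # against inventory data without a local browser.
    version_line = sys.argv[1] if len(sys.argv) > 1 else installed_chrome_version()
    missing = unpatched_cves(version_line, local_platform())
    print(f"{version_line} on {local_platform()}: "
          + ("patched for all listed CVEs" if not missing else "unpatched for " + ", ".join(missing)))
```

Run it as `python chrome_cve_check.py "Google Chrome 53.0.2785.89"` on a Linux host and it reports CVE-2016-5161 still open, because that build only closed the bug on Windows and OS X; the same string on a Windows host reports everything patched.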