Page 411 of 3346 results (0.025 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 52.0.2743.82 permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://crbug.com/590619 http://crbug.com/599458 http://crbug.com/600953 http://crbug.com/609286 http://crbug.com/611959 http://crbug.com/612939 http://crbug.com/613869 http://crbug.com/613971 http://crbug.com/614405 http://crbug.com/614701 http://crbug.com/614989 http://crbug.com/615820 http://crbug.com/619378 http://crbug.com/619382 http://crbug.com/620694 http://crbug.com/620737 http://crbug.com/620858 http://crbug.co •

CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0

Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font. Desbordamiento de buffer basado en memoria dinámica en el método ByteArray::Get en data/byte_array.cc en Google sfntly en versiones anteriores a 2016-06-10, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de una fuente SFNT manipulada. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html http://rhn.redhat.com/errata/RHSA-2016-1485.html http://www.debian.org/security/2016/dsa-3637 http://www.securityfocus.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. Google Chrome en versiones anteriores a 52.0.2743.82 no maneja correctamente información de origen durante la autenticación del proxy, lo que permite a atacantes man-in-the-middle suplantar una autenticación del proxy de aviso de inicio de sesión o desencadenar almacenamiento de credenciales incorrectas modificando el flujo de datos cliente-servidor. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html http://rhn.redhat.com/errata/RHSA-2016-1485.html http://www.debian.org/security/2016/dsa-3637 http://www.securityfocus.com/ • CWE-287: Improper Authentication •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. El método ChromeClientImpl::createWindow en WebKit/Source/web/ChromeClientImpl.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, no previene la creación de la ventana por un marco diferido, lo que permite a atacantes remotos eludir la Same Origin Policy a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html http://rhn.redhat.com/errata/RHSA-2016-1485.html http://www.debian.org/security/2016/dsa-3637 http://www.securityfocus.com/ • CWE-285: Improper Authorization •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element. El subsistema Service Workers en Google Chrome en versiones anteriores a 52.0.2743.82 no implementa adecuadamente la especificación Secure Contexts durante las decisiones sobre si se debe controlar un submarco, lo que permite a atacantes remotos eludir la Same Origin Policy a través de un elemento IFRAME https dentro de un elemento IFRAME http. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html http://rhn.redhat.com/errata/RHSA-2016-1485.html http://www.debian.org/security/2016/dsa-3637 http://www.securityfocus.com/ • CWE-254: 7PK - Security Features •