Page 411 of 3300 results (0.015 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1708 – chromium-browser: use-after-free in extensions

https://notcve.org/view.php?id=CVE-2016-1708

The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. La implementación de la instalación en línea Chrome Web Store en el subsistema Extensions en Google Chrome en versiones anteriores a 52.0.2743.82 no considera adecuadamente la vida útil de los objetos durante el progreso de observación, lo que permite a atacantes remotos provocar una denegación de servicio (uso después de liberación de memoria) o posiblemente tener otro impacto no especificado a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html http://rhn.redhat.com/errata/RHSA-2016-1485.html http://www.debian.org/security/2016/dsa-3637 http://www.securityfocus.com/ • CWE-416: Use After Free •

CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 0

CVE-2016-5136 – chromium-browser: use after free in extensions

https://notcve.org/view.php?id=CVE-2016-5136

Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion. Vulnerabilidad de uso después de liberación de memoria en extensions/renderer/user_script_injector.cc en el subsistema Extensions en Google Chrome en versiones anteriores a 52.0.2743.82 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con secuencia de comandos de borrado. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html http://rhn.redhat.com/errata/RHSA-2016-1485.html http://www.debian.org/security/2016/dsa-3637 http://www.securityfocus.com/ • CWE-416: Use After Free •

CVSS: 8.8EPSS: 10%CPEs: 17EXPL: 0

CVE-2016-5131 – libxml2: Use after free triggered by XPointer paths beginning with range-to

https://notcve.org/view.php?id=CVE-2016-5131

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. Vulnerabilidad de uso después de liberación de memoria en libxml2 hasta la versión 2.9.4, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con la función range-to XPointer. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/m • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1705 – chromium-browser: various fixes from internal audits

https://notcve.org/view.php?id=CVE-2016-1705

Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 52.0.2743.82 permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://crbug.com/590619 http://crbug.com/599458 http://crbug.com/600953 http://crbug.com/609286 http://crbug.com/611959 http://crbug.com/612939 http://crbug.com/613869 http://crbug.com/613971 http://crbug.com/614405 http://crbug.com/614701 http://crbug.com/614989 http://crbug.com/615820 http://crbug.com/619378 http://crbug.com/619382 http://crbug.com/620694 http://crbug.com/620737 http://crbug.com/620858 http://crbug.co •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-5130 – chromium-browser: url spoofing

https://notcve.org/view.php?id=CVE-2016-5130

content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. content/renderer/history_controller.cc en Google Chrome en versiones anteriores a 52.0.2743.82 no restringe adecuadamente los múltiples usos de un método de redireccionamiento de JavaScript, lo que permite a atacantes remotos suplantar la URL mostrada a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html http://rhn.redhat.com/errata/RHSA-2016-1485.html http://www.debian.org/security/2016/dsa-3637 http://www.securityfocus.com/ • CWE-284: Improper Access Control •