CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5133 – chromium-browser: origin confusion in proxy authentication
https://notcve.org/view.php?id=CVE-2016-5133
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. Google Chrome en versiones anteriores a 52.0.2743.82 no maneja correctamente información de origen durante la autenticación del proxy, lo que permite a atacantes man-in-the-middle suplantar una autenticación del proxy de aviso de inicio de sesión o desencadenar almacenamiento de credenciales incorrectas modificando el flujo de datos cliente-servidor. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html http://rhn.redhat.com/errata/RHSA-2016-1485.html http://www.debian.org/security/2016/dsa-3637 http://www.securityfocus.com/ • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2016-1704 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1704
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 51.0.2704.103 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html http://www.debian.org/security/2016/dsa-3637 http://www.ubuntu.com/usn/USN-3015-1 https://access.redhat.com/errata/ •
CVSS: 6.5EPSS: 2%CPEs: 11EXPL: 0CVE-2016-1702 – chromium-browser: out-of-bounds read in skia
https://notcve.org/view.php?id=CVE-2016-1702
The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data. La función SkRegion::readFromMemory en core/SkRegion.cpp in Skia, tal como se utiliza en Google Chrome en versiones anteriores a 51.0.2704.79, no valida la cuenta de intervalo, lo que permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de datos serializados manipulados. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat.com/errata/RHSA-2016:1201 https://codereview&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2016-1700 – chromium-browser: use-after-free in extensions
https://notcve.org/view.php?id=CVE-2016-1700
extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions. extensions/renderer/runtime_custom_bindings.cc en Google Chrome en versiones anteriores a 51.0.2704.79 no considera los efectos laterales durante la creación de un array de vistas de extensión, lo que permite a atacantes remotos provocar una denegación de servicio (uso después de liberación de memoria) o posiblemente tener otro impacto no especificado a través de vectores relacionados con las extensiones. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 https://access.redhat.com/errata/RHSA-2016:1201 https://codereview.chromium.org/1948773002 https://crbug.com/ •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-1696 – chromium-browser: cross-origin bypass in extension bindings
https://notcve.org/view.php?id=CVE-2016-1696
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. El subsistema de extensiones en Google Chrome en versiones anteriores a 51.0.2704.79 no restringe adecuadamente accesos vinculantes, lo que permite a atacantes remotos eleduir la Same Origin Policy a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 https://access.redhat.com/errata/RHSA-2016:1201 https://codereview.chromium.org/1866103002 https://crbug.com/ • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •