CVSS: 9.3EPSS: 2%CPEs: 11EXPL: 0CVE-2016-1699 – Trend Micro Maximum Security Regex Matching Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1699
WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL. WebKit/Source/devtools/front_end/devtools.js en el subsistema Developer Tools (también conocido como DevTools) en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 51.0.2704.79, no asegura que el parámetro remoteFrontendUrl esté asociado con una URL chrome-devtools-frontend.appspot.com, lo que permite a atacantes remotos eludir las restricciones destinadas al acceso a través de una URL manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Maximum Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the analysis of web pages. By performing actions in script matching a large array against a RegEx, an attacker can cause a pointer to be reused after it has been freed. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat.com/errata/RHSA-2016:1201 https://codereview&# • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 2%CPEs: 11EXPL: 0CVE-2016-1702 – chromium-browser: out-of-bounds read in skia
https://notcve.org/view.php?id=CVE-2016-1702
The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data. La función SkRegion::readFromMemory en core/SkRegion.cpp in Skia, tal como se utiliza en Google Chrome en versiones anteriores a 51.0.2704.79, no valida la cuenta de intervalo, lo que permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de datos serializados manipulados. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat.com/errata/RHSA-2016:1201 https://codereview&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-1698 – chromium-browser: information leak in extension bindings
https://notcve.org/view.php?id=CVE-2016-1698
The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition. La función createCustomType en extensions/renderer/resources/binding.js en las extensiones vinculantes en Google Chrome en versiones anteriores a 51.0.2704.79 no valida los tipos de módulos, lo que podría permitir a atacantes cargar módulos arbitrarios u obtener información sensible aprovechando una definición trampa. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 https://access.redhat.com/errata/RHSA-2016:1201 https://codereview.chromium.org/1912783002 https://crbug.com/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-1696 – chromium-browser: cross-origin bypass in extension bindings
https://notcve.org/view.php?id=CVE-2016-1696
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. El subsistema de extensiones en Google Chrome en versiones anteriores a 51.0.2704.79 no restringe adecuadamente accesos vinculantes, lo que permite a atacantes remotos eleduir la Same Origin Policy a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 https://access.redhat.com/errata/RHSA-2016:1201 https://codereview.chromium.org/1866103002 https://crbug.com/ • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-1701 – chromium-browser: use-after-free in autofill
https://notcve.org/view.php?id=CVE-2016-1701
The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690. La implementación Autofill en Google Chrome en versiones anteriores a 51.0.2704.79 no maneja adecuadamente la interacción entre las actualizaciones de campo y el código JavaScript que desencadena un borrado de marco, lo que permite a atacantes remotos provocar una denegación de servicio (uso después de liberación de memoria) o posiblemente tener otro impacto no especificado a través de un sitio web manipulado, una vulnerabilidad diferente a CVE-2016-1690. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 https://access.redhat.com/errata/RHSA-2016:1201 https://codereview.chromium.org/1960023002 https://crbug.com/ •