CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2016-1703 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1703
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 51.0.2704.79 permiten a atacantes remotos provocar una denegación del servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat.com/errata/RHSA-2016:1201 https://crbug.co •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-1676 – chromium-browser: cross-origin bypass in extension bindings
https://notcve.org/view.php?id=CVE-2016-1676
extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. extensions/renderer/resources/binding.js en las extensiones vinculantes en Google Chrome en versiones anteriores a 51.0.2704.63 no utiliza adecuadamente prototipos, lo que permite a atacantes remotos eludir la Same Origin Policy a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 https://access.redhat.com/errata/RHSA-2016:1190 https://codereview& • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 2%CPEs: 12EXPL: 0CVE-2016-1688 – chromium-browser: out-of-bounds read in v8
https://notcve.org/view.php?id=CVE-2016-1688
The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code. La implementación de regexp (también conocida como regular expression) en Google V8 en versiones anteriores a 5.0.71.40, como es usada en Google Chrome en versiones anteriores a 51.0.2704.63, no maneja correctamente los tamaños de cadena externos, lo que permite a atacantes remotos provocar una denegación del servicio (lectura fuera de límites) a través de un código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 0CVE-2016-1680 – chromium-browser: heap use-after-free in skia
https://notcve.org/view.php?id=CVE-2016-1680
Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación de memoria en ports/SkFontHost_FreeType.cpp en Skia, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, permite a atacantes remotos provocar una denegación del servicio (corrupción de la memoria dinámica) o o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-1687 – chromium-browser: information leak in extensions
https://notcve.org/view.php?id=CVE-2016-1687
The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions. La implementación del renderizador en Google Chrome en versiones anteriores a 51.0.2704.63 no restringe correctamente la exposición pública de clases, lo que permite a atacantes remotos obtener información sensible a través de vectores relacionados con las extensiones. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 https://access.redhat.com/errata/RHSA-2016:1190 https://codereview& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •