CVE-2016-1690 – chromium-browser: heap use-after-free in autofill
https://notcve.org/view.php?id=CVE-2016-1690
The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1701. La implementación de Autofill en Google Chrome en versiones anteriores a 51.0.2704.63 no maneja correctamente la interacción entre campos actualizados y código JavaScript que desencadena un borrado del marco, lo que permite a atacantes remotos provocar una denegación del servicio (uso después de liberación de memoria) o posiblemente tener otro impacto no especificado a través de una página web manipulada, una vulnerabilidad diferente a CVE-2016-1701. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 https://access.redhat.com/errata/RHSA-2016:1190 https://codereview& •
CVE-2016-1693 – chromium-browser: http download of software removal tool
https://notcve.org/view.php?id=CVE-2016-1693
browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session. browser/safe_browsing/srt_field_trial_win.cc en Google Chrome en versiones anteriores a 51.0.2704.63 no usa el servicio HTTPS en dl.google.com para obtener el Software Removal Tool, lo que permite a atacantes suplantar el archivo chrome_cleanup_tool.exe (también conocido como CCT) a través de un ataquie man-in-the-middle en una sesión HTTP. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 https://access.redhat.com/errata/RHSA-2016:1190 https://codereview& • CWE-284: Improper Access Control •
CVE-2016-1677 – chromium-browser: type confusion in v8
https://notcve.org/view.php?id=CVE-2016-1677
uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion." uri.js en Google V8 en versiones anteriores a 5.1.281.26, como es usado en Google Chrome en versiones anteriores a 51.0.2704.63, usa un tipo de matriz incorrecto, lo que permite a atacantes remotos obtener información sensible llamando a la función decodeURI y aprovechando "confusión de tipo". • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-1695 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1695
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 51.0.2704.63 permiten a atacantes remotos provocar una denegación del servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat. •
CVE-2016-1671
https://notcve.org/view.php?id=CVE-2016-1671
Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc. Google Chrome en versiones anteriores a 50.0.2661.102 en Android no maneja correctamente los caracteres / (barra) y \ (barra invertida), lo que permite a atacantes llevar a cabo ataques de salto de directorio a través de una URL file:, relacionado con net/base/escape.cc y net/base/filename_util.cc. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html http://www.securityfocus.com/bid/90584 http://www.securitytracker.com/id/1035872 https://codereview.chromium.org/1704163003 https://crbug.com/586657 https://groups.google.com/a/chromium.org/forum/message/raw?msg=chromium-reviews/UkMGbbnTDW8/A4g-6YkfBAAJ https://security.gentoo.org/glsa/201605-02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •