CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1656 – chromium-browser: android downloaded file path restriction bypass
https://notcve.org/view.php?id=CVE-2016-1656
The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. La implementación de download en Google Chrome en versiones anteriores a 50.0.2661.75 en Android permite a atacantes remotos eludir las restricciones de nombre de ruta previstas a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html https://crbug.com/570750 https://security.gentoo.org/glsa/201605-02 http • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2016-1659 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1659
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 50.0.2661.75 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 http://www.ubuntu.com/ •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1658 – chromium-browser: potential leak of sensitive information to malicious extensions
https://notcve.org/view.php?id=CVE-2016-1658
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. El subsistema Extensions en Google Chrome en versiones anteriores a 50.0.2661.75 confía incorrectamente en llamadas al método GetOrigin para comparaciones de origen, lo que permite a atacantes remotos eludir la Same Origin Policy y obtener información sensible a través de una extensión manipulada. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 https://codereview.chromium. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1657 – chromium-browser: address bar spoofing
https://notcve.org/view.php?id=CVE-2016-1657
The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL. La función WebContentsImpl::FocusLocationBarByDefault en content/browser/web_contents/web_contents_impl.cc en Google Chrome en versiones anteriores a 50.0.2661.75 no maneja correctamente el foco para ciertas páginas about:blank, lo que permite a atacantes remotos suplantar la barra de direcciones a través de una URL manipulada. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 https://codereview.chromium. • CWE-254: 7PK - Security Features •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1652 – chromium-browser: universal XSS in extension bindings
https://notcve.org/view.php?id=CVE-2016-1652
Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." Vulnerabilidad de XSS en la función ModuleSystem::RequireForJsInner en extensions/renderer/module_system.cc en el subsistema Extensions en Google Chrome en versiones anteriores a 50.0.2661.75 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un sitio web manipulado, también conocida como "Universal XSS (UXSS)". • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 https://codereview.chromium. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •