CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 0CVE-2016-1654 – chromium-browser: uninitialized memory read in media
https://notcve.org/view.php?id=CVE-2016-1654
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors. El subsistema media en Google Chrome en versiones anteriores a 50.0.2661.75 no inicializa una estructura de datos no especificada, lo que permite a atacantes remotos provocar una denegación de servicio (operación de lectura no válida) a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 http://www.ubuntu.com/ • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2016-1655 – chromium-browser: use-after-free related to extensions
https://notcve.org/view.php?id=CVE-2016-1655
Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension. Google Chrome en versiones anteriores a 50.0.2661.75 no considera correctamente que la eliminación de tramas pueda ocurrir durante la ejecución de una llamada de retorno, lo que permite a atacantes remotos provocar una denegación de servicio (uso después de liberación de memoria) o posiblemente tener otro impacto no especificado a través de una extensión manipulada. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 http://www.ubuntu.com/ •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1657 – chromium-browser: address bar spoofing
https://notcve.org/view.php?id=CVE-2016-1657
The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL. La función WebContentsImpl::FocusLocationBarByDefault en content/browser/web_contents/web_contents_impl.cc en Google Chrome en versiones anteriores a 50.0.2661.75 no maneja correctamente el foco para ciertas páginas about:blank, lo que permite a atacantes remotos suplantar la barra de direcciones a través de una URL manipulada. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 https://codereview.chromium. • CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1658 – chromium-browser: potential leak of sensitive information to malicious extensions
https://notcve.org/view.php?id=CVE-2016-1658
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. El subsistema Extensions en Google Chrome en versiones anteriores a 50.0.2661.75 confía incorrectamente en llamadas al método GetOrigin para comparaciones de origen, lo que permite a atacantes remotos eludir la Same Origin Policy y obtener información sensible a través de una extensión manipulada. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 https://codereview.chromium. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2016-1659 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1659
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 50.0.2661.75 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 http://www.ubuntu.com/ •