CVSS: 8.1EPSS: 4%CPEs: 4EXPL: 0CVE-2016-1651 – Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-1651
fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document. fxcodec/codec/fx_codec_jpx_opj.cpp en PDFium, como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.75, no implementa correctamente las funciones sycc420_to_rgb y sycc422_to_rgb, lo que permite a atacantes remotos obtener información sensible de memoria de proceso o provocar una denegación de servicio (lectura fuera de rango) a través de datos JPEG 2000 manipulados en un documento PDF. This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG2000 images. A specially crafted JPEG2000 image embedded inside a PDF can force Google Chrome to read memory past the end of an allocated object. An attacker can leverage this vulnerability to disclose the contents of adjacent memory. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html http://www.debian.org/security/2016/dsa-3549 http://zerodayinitiative.com&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-3679 – chromium-browser: multiple unspecified vulnerabilities
https://notcve.org/view.php?id=CVE-2016-3679
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.9.385.33, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.108, permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0525.html http://www.securitytracker.com/id/1035423 http://www.ubuntu.com/usn/USN-2955-1 https://access.redhat.com/security/cve/CVE-2016-3679 https: •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1650 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1650
The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document. La función PageCaptureSaveAsMHTMLFunction::ReturnFailure en browser/extensions/api/page_capture/page_capture_api.cc en Google Chrome en versiones anteriores a 49.0.2623.108 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado desencadenando un error en la creación de un documento MHTML. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0525.html http://www.debian.org/security/2016/dsa-3531 http://www.securitytracker.com/id/1035423 https://bugs.chromium.org/p/chromium/issues/detail?id= •
CVSS: 9.3EPSS: 3%CPEs: 6EXPL: 0CVE-2016-1649 – Google Chrome libANGLE glGetUniformfv Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1649
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages. La función Program::getUniformInternal en Program.cpp en libANGLE, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.108, no maneja adecuadamente ciertos tipos de datos que no coinciden, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado a través de etapas de shader manipuladas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the libANGLE library. The issue lies in the failure to safely copy data from buffers of disparate types. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0525.html http://www.debian.org/security/2016/dsa-3531 http://www.securitytracker.com/id/1035423 http://www.ubuntu.com/usn/USN-2955-1 http://w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 0CVE-2016-1647 – chromium-browser: use-after-free in Navigation
https://notcve.org/view.php?id=CVE-2016-1647
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación de memoria en la función RenderWidgetHostImpl::Destroy en content/browser/renderer_host/render_widget_host_impl.cc en la implementación de Navigation en Google Chrome en versiones anteriores a 49.0.2623.108 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0525.html http://www.debian.org/security/2016/dsa-3531 http://www.securitytracker.com/id/1035423 http://www.ubuntu.com/usn/USN-2955-1 https:// •