CVSS: 9.3EPSS: 3%CPEs: 6EXPL: 0CVE-2016-1649 – Google Chrome libANGLE glGetUniformfv Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1649
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages. La función Program::getUniformInternal en Program.cpp en libANGLE, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.108, no maneja adecuadamente ciertos tipos de datos que no coinciden, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado a través de etapas de shader manipuladas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the libANGLE library. The issue lies in the failure to safely copy data from buffers of disparate types. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0525.html http://www.debian.org/security/2016/dsa-3531 http://www.securitytracker.com/id/1035423 http://www.ubuntu.com/usn/USN-2955-1 http://w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 0CVE-2016-1647 – chromium-browser: use-after-free in Navigation
https://notcve.org/view.php?id=CVE-2016-1647
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación de memoria en la función RenderWidgetHostImpl::Destroy en content/browser/renderer_host/render_widget_host_impl.cc en la implementación de Navigation en Google Chrome en versiones anteriores a 49.0.2623.108 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0525.html http://www.debian.org/security/2016/dsa-3531 http://www.securitytracker.com/id/1035423 http://www.ubuntu.com/usn/USN-2955-1 https:// •
CVSS: 9.3EPSS: 28%CPEs: 13EXPL: 1CVE-2016-1646 – Google Chromium V8 Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2016-1646
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code. La implementación de Array.prototype.concat en builtins.cc en Google V8, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.108, no considera adecuadamante los tipos de datos del elemento, lo que permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado. Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0525.html http://www.debian.org/security/2016/dsa-3531 http://www.securitytracker.com/id/1035423 http://www.ubuntu.com/usn/USN-2955-1 https:// • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 2%CPEs: 3EXPL: 0CVE-2016-1648 – chromium-browser: use-after-free in Extensions
https://notcve.org/view.php?id=CVE-2016-1648
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. Vulnerabilidad de uso después de liberación de memoria en la función GetLoadTimes en renderer/loadtimes_extension_bindings.cc en la implementación de Extensions en Google Chrome en versiones anteriores a 49.0.2623.108 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0525.html http://www.debian.org/security/2016/dsa-3531 http://www.securitytracker.com/id/1035423 https://code.google.com/p/chromium/issues/detail?id=5 •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1643 – chromium-browser: type confusion in Blink
https://notcve.org/view.php?id=CVE-2016-1643
The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." La función ImageInputType::ensurePrimaryContent en WebKit/Source/core/html/forms/ImageInputType.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.87, no mantiene adecuadamente el user agent shadow DOM, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que aprovechan "type confusion". • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_8.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00073.html http://www.debian.org/security/2016/dsa-3513 http://www.securityfocus.com/bid/84224 http://www.securitytracker.com/id/1035259 http://www.ubuntu.com/usn/USN-2920-1 https://code.google.com • CWE-361: 7PK - Time and State CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •