CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2843 – chromium-browser: Multiple unspecified vulnerabilities in V8 before 4.9.385.26
https://notcve.org/view.php?id=CVE-2016-2843
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, as used in Google Chrome before 49.0.2623.75, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.9.385.26, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.75, permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html http://www.securitytracker.com/id/1035185 http://www.ubuntu.com/usn/USN-2920-1 https://access.redhat.com/security/cve/CVE-2016-2843 https://bugzilla.redhat.com/show_bug.cgi?id=1315359 •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2016-2844 – chromium-browser: LayoutBlock.cpp in Blink does not properly determine when anonymous block wrappers may exist
https://notcve.org/view.php?id=CVE-2016-2844
WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code. WebKit/Source/core/layout/LayoutBlock.cpp en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.75, no determina adecuadamente cuándo pueden existir wrappers de bloqueo anónimos, lo que permite a atacantes remotos provocar una denegación de servicio (proyección incorrecta y fallo de aserción) o posiblemente tener otro impacto no especificado a través de código JavaScriprt manipulado. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html http://www.securityfocus.com/bid/84170 http://www.securitytracker.com/id/1035185 http://www.ubuntu.com/usn/USN-2920-1 https://bugs.chromium.org/p/chromium/issues/detail?id=546849 https://code.google.com/p/chromium/issues/detail?id=591402 https://codereview.chromium.org/1423573002 https://access.redhat.com/security/cve/CVE-2016-2844 https://bugzilla.redhat.com/show_bug.cgi?id=1315361 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2845 – chromium-browser: CSP implementation in Blink does not ignore a URL's path component in the case of a ServiceWorker fetch
https://notcve.org/view.php?id=CVE-2016-2845
The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp. La implementación de la Content Security Policy (CSP) en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.75, no ignora un componente de ruta de URL en el caso de la recuperación de un ServiceWorker, lo que permite a atacantes remotos obtener información sensible sobre páginas web visitadas mediante la lectura de informes de violación de la CSP, relacionados con FrameFetchContext.cpp y ResourceFetcher.cpp. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html http://homakov.blogspot.com/2014/01/using-content-security-policy-for-evil.html http://www.securityfocus.com/bid/84168 http://www.securitytracker.com/id/1035185 http://www.ubuntu.com/usn/USN-2920-1 https://bugs.chromium.org/p/chromium/issues/detail?id=542060 https://code.google.com/p/chromium/issues/detail?id=591402 https://codereview.chromium.org/1454003003 https://access.redhat.com/security/cve/CVE-2016&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1630 – chromium-browser: same-origin bypass in Blink
https://notcve.org/view.php?id=CVE-2016-1630
The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site. La función ContainerNode::parserRemoveChild en WebKit/Source/core/dom/ContainerNode.cpp en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.75, no maneja correctamente las actualizaciones de widget, lo que facilita a atacantes remotos eludir la Same Origin Policy a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html http://www.debian.org/security/2016/dsa-3507 http://www.securityfocus.com/bid/84008 http://www.securitytracker.com/id/1035185 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1631 – chromium-browser: same-origin bypass in Pepper Plugin
https://notcve.org/view.php?id=CVE-2016-1631
The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. La función de The PPB_Flash_MessageLoop_Impl::InternalRun en content/renderer/pepper/ppb_flash_message_loop_impl.cc en el plugin Pepper en Google Chrome en versiones anteriores a 49.0.2623.75 no maneja correctamente los bucles de mensajes anidados, lo que permite a atacantes remotos eludir la Same Origin Policy a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html http://www.debian.org/security/2016/dsa-3507 http://www.securityfocus.com/bid/84008 http://www.securitytracker.com/id/1035185 • CWE-264: Permissions, Privileges, and Access Controls •