CVE-2016-1633 – chromium-browser: use-after-free in Blink
https://notcve.org/view.php?id=CVE-2016-1633
Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación de memoria en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.75, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html http://www.debian.org/security/2016/dsa-3507 http://www.securityfocus.com/bid/84008 http://www.securitytracker.com/id/1035185 • CWE-416: Use After Free •
CVE-2016-2844 – chromium-browser: LayoutBlock.cpp in Blink does not properly determine when anonymous block wrappers may exist
https://notcve.org/view.php?id=CVE-2016-2844
WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code. WebKit/Source/core/layout/LayoutBlock.cpp en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.75, no determina adecuadamente cuándo pueden existir wrappers de bloqueo anónimos, lo que permite a atacantes remotos provocar una denegación de servicio (proyección incorrecta y fallo de aserción) o posiblemente tener otro impacto no especificado a través de código JavaScriprt manipulado. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html http://www.securityfocus.com/bid/84170 http://www.securitytracker.com/id/1035185 http://www.ubuntu.com/usn/USN-2920-1 https://bugs.chromium.org/p/chromium/issues/detail?id=546849 https://code.google.com/p/chromium/issues/detail?id=591402 https://codereview.chromium.org/1423573002 https://access.redhat.com/security/cve/CVE-2016-2844 https://bugzilla.redhat.com/show_bug.cgi?id=1315361 • CWE-20: Improper Input Validation •
CVE-2016-1639 – chromium-browser: use-after-free in WebRTC
https://notcve.org/view.php?id=CVE-2016-1639
Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect reliance on the resource context pointer. Vulnerabilidad de uso después de liberación de memoria en browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc en la implementación de la API WebRTC Audio Private en Google Chrome en versiones anteriores a 49.0.2623.75 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado aprovechando la confianza incorrecta en el puntero de contexto de recurso. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html http://www.debian.org/security/2016/dsa-3507 http://www.securityfocus.com/bid/84008 http://www.securitytracker.com/id/1035185 • CWE-416: Use After Free •
CVE-2016-1631 – chromium-browser: same-origin bypass in Pepper Plugin
https://notcve.org/view.php?id=CVE-2016-1631
The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. La función de The PPB_Flash_MessageLoop_Impl::InternalRun en content/renderer/pepper/ppb_flash_message_loop_impl.cc en el plugin Pepper en Google Chrome en versiones anteriores a 49.0.2623.75 no maneja correctamente los bucles de mensajes anidados, lo que permite a atacantes remotos eludir la Same Origin Policy a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html http://www.debian.org/security/2016/dsa-3507 http://www.securityfocus.com/bid/84008 http://www.securitytracker.com/id/1035185 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-2845 – chromium-browser: CSP implementation in Blink does not ignore a URL's path component in the case of a ServiceWorker fetch
https://notcve.org/view.php?id=CVE-2016-2845
The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp. La implementación de la Content Security Policy (CSP) en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.75, no ignora un componente de ruta de URL en el caso de la recuperación de un ServiceWorker, lo que permite a atacantes remotos obtener información sensible sobre páginas web visitadas mediante la lectura de informes de violación de la CSP, relacionados con FrameFetchContext.cpp y ResourceFetcher.cpp. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html http://homakov.blogspot.com/2014/01/using-content-security-policy-for-evil.html http://www.securityfocus.com/bid/84168 http://www.securitytracker.com/id/1035185 http://www.ubuntu.com/usn/USN-2920-1 https://bugs.chromium.org/p/chromium/issues/detail?id=542060 https://code.google.com/p/chromium/issues/detail?id=591402 https://codereview.chromium.org/1454003003 https://access.redhat.com/security/cve/CVE-2016 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •