NotCVE - vendor:"Google" product:"Chrome" version:"

Page 431 of 3354 results (0.009 seconds)

CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0

CVE-2016-1624 – chromium-browser: buffer overflow in Brotli

https://notcve.org/view.php?id=CVE-2016-1624

Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression. Desbordamiento inferior de entero en la función ProcessCommandsInternal en dec/decode.c en Brotli, como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.109, permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado a través de datos manipulados con compresión brotli. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html http://rhn.redhat.com/errata/RHSA-2016-0241.html http://www.debian.org/security/2016/dsa-3486 http://www.securityfocus.com/bid/83125 http://www.securitytracker.com/id/1035183 http://www.ubuntu.com/usn/USN-2895-1 https://code.google.com/p/chromium/issues/detail?id=583607 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-1625 – chromium-browser: navigation bypass in Chrome Instant

https://notcve.org/view.php?id=CVE-2016-1625

The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc. La funcionalidad Chrome Instant en Google Chrome en versiones anteriores a 48.0.2564.109 no asegura que un destino de navegación New Tab Page (NTP) se encuentre en las listas de más visitados o sugerencias, lo que permite a atacantes remotos eludir las restricciones previstas a través de vectores no especificados, relacionado con instant_service.cc y search_tab_helper.cc. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html http://rhn.redhat.com/errata/RHSA-2016-0241.html http://www.debian.org/security/2016/dsa-3486 http://www.securityfocus.com/bid/83125 http://www.securitytracker.com/id/1035183 https://code.google.com/p/chromium/issues/detail?id=509313 https://codereview.chromium.org/1669723002 ht • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-1627 – chromium-browser: various fixes from internal audits

https://notcve.org/view.php?id=CVE-2016-1627

The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js. El subsistema Developer Tools (también conocido como DevTools) en Google Chrome en versiones anteriores a 48.0.2564.109 no valida esquemas URL y asegura que el parámetro remoteBase esta asociado con una URL chrome-devtools-frontend.appspot.com, lo que permite a atacantes remotos eludir las restricciones destinadas al acceso a través de una URL manipulada, relacionado con browser/devtools/devtools_ui_bindings.cc y WebKit/Source/devtools/front_end/Runtime.js. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html http://rhn.redhat.com/errata/RHSA-2016-0241.html http://www.debian.org/security/2016/dsa-3486 http://www.securityfocus.com/bid/83125 http://www.securitytracker.com/id/1035183 https://code.google.com/p/chromium/issues/detail?id=571121 https://code.google.com/p/chromium/issu • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2016-2051 – chromium-browser: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17

https://notcve.org/view.php?id=CVE-2016-2051

Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.8.271.17, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.securityfocus.com/bid/81431 http://www.securitytracker.com/id/1034801 http://www.ubuntu.com/usn/USN-2877-1 https://access.redhat.com/security/cve/CVE-2016-2051 https://bugzilla.redhat.com/show_bug.cgi?id=1301550 •

CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-2052 – chromium-browser: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6

https://notcve.org/view.php?id=CVE-2016-2052

Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc, a different issue than CVE-2015-8947. Múltiples vulnerabilidades no especificadas en HarfBuzz en versiones anteriores a 1.0.6, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de datos manipulados, como se demuestra por una sobre lectura del buffer como resultado de una comprobación de longitud invertida en hb-ot-font.cc, una cuestión diferente de CVE-2015-8947. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00070.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.securityfocus.com/bid/81812 http://www.securitytracker.com/id/1034801 http://www.ubuntu.com/usn/USN-2877-1 http://www.ubuntu.com/usn/USN-3067-1 https://code.google.com/p/chromium/issues/detail?id=544270 https://code.google.com/p/chromium/issues/detail?id=579625 https •

1...429 430 431 432 433