CVSS: 7.6EPSS: 7%CPEs: 1EXPL: 0CVE-2016-1612 – chromium-browser: bad cast in V8
https://notcve.org/view.php?id=CVE-2016-1612
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code. La función LoadIC::UpdateCaches en ic/ic.cc en Google V8, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, no asegura la compatibilidad del receptor antes de realizar una proyección de una variable no especificada, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/81431 http://www.securitytracker.com/id/1034801 http://www. • CWE-20: Improper Input Validation CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.6EPSS: 2%CPEs: 1EXPL: 0CVE-2016-1613 – chromium-browser: use-after-free in PDFium
https://notcve.org/view.php?id=CVE-2016-1613
Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects. Múltiples vulnerabilidades de uso después de liberación de memoria en la implementación de formfiller en PDFium, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un documento PDF manipulado, relacionado con un rastreo indebido de la destrucción de objetos (1) IPWL_FocusHandler y (2) IPWL_Provider. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/81430 http://www.securitytracker.com/id/1034801 https://code&# • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1614 – chromium-browser: information leak in Blink
https://notcve.org/view.php?id=CVE-2016-1614
The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. La clase UnacceleratedImageBufferSurface en WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, no maneja correctamente el modo de inicialización, lo que permite a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/81430 http://www.securitytracker.com/id/1034801 http://www. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1615 – chromium-browser: origin confusion in Omnibox
https://notcve.org/view.php?id=CVE-2016-1615
The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors. La implementación de Omnibox en Google Chrome en versiones anteriores a 48.0.2564.82 permite a atacantes remotos suplantar el origen de un documento a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/81430 http://www.securitytracker.com/id/1034801 https://code&# • CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1616 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1616
The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button. La función CustomButton::AcceleratorPressed en ui/views/controls/button/custom_button.cc en Google Chrome en versiones anteriores a 48.0.2564.82 permite a atacantes remotos suplantar URLs a través de vectores implicando un botón personalizado no enfocado. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/81430 http://www.securitytracker.com/id/1034801 https://code&# • CWE-254: 7PK - Security Features •