CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0CVE-2016-1624 – chromium-browser: buffer overflow in Brotli
https://notcve.org/view.php?id=CVE-2016-1624
Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression. Desbordamiento inferior de entero en la función ProcessCommandsInternal en dec/decode.c en Brotli, como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.109, permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado a través de datos manipulados con compresión brotli. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html http://rhn.redhat.com/errata/RHSA-2016-0241.html http://www.debian.org/security/2016/dsa-3486 http://www.securityfocus.com/bid/83125 http://www.securitytracker.com/id/1035183 http://www.ubuntu.com/usn/USN-2895-1 https://code.google.com/p/chromium/issues/detail?id=583607 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2016-1622 – chromium-browser: same-origin bypass in Extensions
https://notcve.org/view.php?id=CVE-2016-1622
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. El subsistema Extensions en Google Chrome en versiones anteriores a 48.0.2564.109 no previene el uso del método Object.defineProperty para sobreescribir el comportamiento de extensión previsto, lo que permite a atacantes remotos eludir la Same Origin Policy a través de código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html http://rhn.redhat.com/errata/RHSA-2016-0241.html http://www.debian.org/security/2016/dsa-3486 http://www.securityfocus.com/bid/83125 http://www.securitytracker.com/id/1035183 https://code.google.com/p/chromium/issues/detail?id=546677 https://codereview.chromium.org/1417513003 ht • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 11%CPEs: 3EXPL: 0CVE-2016-1626 – Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1626
The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. La función opj_pi_update_decode_poc en pi.c en OpenJPEG, como se utiliza en PDFium en Google Chrome en versiones anteriores a 48.0.2564.109, no calcula correctamente un determinado valor de índice de capa, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de un documento PDF manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG2000 images. A specially crafted JPEG2000 image embedded inside a PDF can force Google Chrome to read memory past the end of an allocated object. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00119.html http://rhn.redhat.com/errata/RHSA-2016-0241.html http://www.debian.org/security/2016/dsa-3486 http://www.securityfocus.com/bid/83125 http://www.securitytracker.com/id/1035183 http://www.zerodayinitiative.com/advisories/ZDI-16-171 https://code.google.com/p/chromium/issues/detail • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1616 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1616
The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button. La función CustomButton::AcceleratorPressed en ui/views/controls/button/custom_button.cc en Google Chrome en versiones anteriores a 48.0.2564.82 permite a atacantes remotos suplantar URLs a través de vectores implicando un botón personalizado no enfocado. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/81430 http://www.securitytracker.com/id/1034801 https://code&# • CWE-254: 7PK - Security Features •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1620 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1620
Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 48.0.2564.82 permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/81430 http://www.securitytracker.com/id/1034801 http://www. •