CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1620 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1620
Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 48.0.2564.82 permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/81430 http://www.securitytracker.com/id/1034801 http://www. •
CVSS: 8.8EPSS: 8%CPEs: 1EXPL: 1CVE-2015-8664 – Google Chrome - Renderer Process to Browser Process Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-8664
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792. Desbordamiento de entero en la función the WebCursor::Deserialize en content/common/cursors/webcursor.cc en Google Chrome en versiones anteriores a la 47.0.2526.106 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un array de pixel RGBA con dimensiones manipuladas, una vulnerabilidad diferente a CVE-2015-6792. • https://www.exploit-db.com/exploits/39039 http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html http://www.securityfocus.com/bid/79686 http://www.securitytracker.com/id/1034491 http://www.ubuntu.com/usn/USN-2860-1 https://code.google.com/p/chromium/issues/detail?id=565023 https://code.google.com/p/chromium/issues/detail?id=569486 https://codereview.chromium.org/1498903003 https://access.redhat.com/security/cve/CVE-2015-8664 https://bugzilla.redhat. • CWE-189: Numeric Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2015-6792 – chromium-browser: Fixes from internal audits and fuzzing
https://notcve.org/view.php?id=CVE-2015-6792
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664. El subsistema MIDI en Google Chrome en versiones anteriores a la 47.0.2526.106 no maneja correctamente el envío de datos, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de vectores no especificados, relacionada con midi_manager.cc, midi_manager_alsa.cc y midi_manager_mac.cc, una vulnerabilidad diferente a CVE-2015-8664. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00030.html http://rhn.redhat.com/errata/RHSA-2015-2665.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/79348 http://www.securitytracker.com/id/1034491 https://code.google.com/p/chromium/issues/detail?id=564501 https://code.google.com&# •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6790 – chromium-browser: Escaping issue in saved pages
https://notcve.org/view.php?id=CVE-2015-6790
The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string. La función WebPageSerializerImpl::openTagToString en WebKit/Source/web/WebPageSerializerImpl.cpp en el serializador de página en Google Chrome en versiones anteriores a 47.0.2526.80 no usa adecuadamente entidades HTML, lo que puede permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un documento manipulado, según lo demostrado en un carácter de doble comilla dentro de una cadena entre comillas simples . • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://rhn.redhat.com/errata/RHSA-2015-2618.html http://www.debian.org/security/2015/dsa-3418 http://www.securityfocus.com/bid/78734 http://www.ubuntu.com/usn/USN-2860-1 https://code.google.com/p/chromium/issues/detail?id=542054 https://codereview.chromium • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6791 – chromium-browser: Various fixes from internal audits, fuzzing and other initiatives
https://notcve.org/view.php?id=CVE-2015-6791
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 47.0.2526.80 permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://rhn.redhat.com/errata/RHSA-2015-2618.html http://www.debian.org/security/2015/dsa-3418 http://www.securityfocus.com/bid/78734 http://www.ubuntu.com/usn/USN-2860-1 https://code.google.com/p/chromium/issues/detail?id=534994 https://code.google.com •