Page 482 of 3368 results (0.012 seconds)

CVSS: 6.4EPSS: 0%CPEs: 101EXPL: 0

The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. La función WebContentsDelegateAndroid::OpenURLFromTab en components/web_contents_delegate_android/web_contents_delegate_android.cc en Google Chrome anterior a 36.0.1985.122 en Android no restringe debidamente la carga de URLs, lo que permite a atacantes remotos falsificar la URL en el Omnibox a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=352083 https://src.chromium.org/viewvc/chrome?revision=273865&view=revision • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 1%CPEs: 105EXPL: 0

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file. La función ResourceFetcher::canRequest en core/fetch/ResourceFetcher.cpp en Blink, utilizado en Google Chrome anterior a 36.0.1985.125, no restringe debidamente las solicitudes de subrecursos asociados con ficheros SVG, lo que permite a atacantes remotos evadir Same Origin Policy a través de un fichero manipulado. • http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html http://secunia.com/advisories/60061 http://secunia.com/advisories/60372 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/68677 https://code.google.com/p/chromium/issues/detail?id=380885 https://src.chromium.org/viewvc/blink?revision=176084&view=revision • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 105EXPL: 0

Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 36.0.1985.125 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html http://secunia.com/advisories/60061 http://secunia.com/advisories/60372 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/68677 https://code.google.com/p/chromium/issues/detail?id=393765 •

CVSS: 7.5EPSS: 0%CPEs: 101EXPL: 0

The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream. La función WebMediaPlayerAndroid::load en content/renderer/media/android/webmediaplayer_android.cc en Google Chrome anterior a 36.0.1985.122 en Android no interactúa debidamente con las redirecciones, lo que permite a atacantes remotos evadir Same Origin Policy a través de un sitio web manipulado que hospeda un flujo de vídeo. • http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=334204 https://src.chromium.org/viewvc/chrome?revision=266396&view=revision • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 104EXPL: 0

Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library. Desbordamiento de buffer basado en memoria dinámica en la función FFmpegVideoDecoder::GetVideoBuffer en media/filters/ffmpeg_video_decoder.cc en Google Chrome anterior a 35.0.1916.153 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento de estructuras de datos VideoFrame que son demasiado pequeñas para la interacción debida con una libraría FFmpeg subyacente. • http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html http://secunia.com/advisories/58585 http://secunia.com/advisories/59090 http://secunia.com/advisories/60061 http://secunia.com/advisories/60372 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2959 http://www.securityfocus.com/bid/67972 https://code.google.com/p/chromium/issues/detail?id=368980 https://src.chromium.org/viewvc/chrome?revision=268831&view=revision • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •