CVE-2016-1697 – chromium-browser: cross-origin bypass in blink
https://notcve.org/view.php?id=CVE-2016-1697
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. La funciónFrameLoader::startLoad en WebKit/Source/core/loader/FrameLoader.cpp en Blink, como es usada en Google Chrome en versiones anteriores a 51.0.2704.79, no impide marcos de navegación durante las operaciones de separación DocumentLoader, lo que permite a atacantes remotos eludir la Same Origin Policy a través de código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat.com/errata/RHSA-2016:1201 https://codereview • CWE-284: Improper Access Control •
CVE-2016-1699 – Trend Micro Maximum Security Regex Matching Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1699
WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL. WebKit/Source/devtools/front_end/devtools.js en el subsistema Developer Tools (también conocido como DevTools) en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 51.0.2704.79, no asegura que el parámetro remoteFrontendUrl esté asociado con una URL chrome-devtools-frontend.appspot.com, lo que permite a atacantes remotos eludir las restricciones destinadas al acceso a través de una URL manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Maximum Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the analysis of web pages. By performing actions in script matching a large array against a RegEx, an attacker can cause a pointer to be reused after it has been freed. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat.com/errata/RHSA-2016:1201 https://codereview • CWE-284: Improper Access Control •
CVE-2016-1698 – chromium-browser: information leak in extension bindings
https://notcve.org/view.php?id=CVE-2016-1698
The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition. La función createCustomType en extensions/renderer/resources/binding.js en las extensiones vinculantes en Google Chrome en versiones anteriores a 51.0.2704.79 no valida los tipos de módulos, lo que podría permitir a atacantes cargar módulos arbitrarios u obtener información sensible aprovechando una definición trampa. • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3594 http://www.securitytracker.com/id/1036026 https://access.redhat.com/errata/RHSA-2016:1201 https://codereview.chromium.org/1912783002 https://crbug.com/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-1679 – chromium-browser: heap use-after-free in v8 bindings
https://notcve.org/view.php?id=CVE-2016-1679
The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code. La función ToV8Value en content/child/v8_value_converter_impl.cc en los vínculos V8 en Google Chrome en versiones anteriores a 51.0.2704.63 no restringe adecuadamente el uso de captadores y definidores, lo que permite a atacantes remotos provocar una denegación del sistema (uso después de liberación de memoria) o posiblemente tener otro impacto no especificado a través de un código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat. •
CVE-2016-1689 – chromium-browser: heap buffer overflow in media
https://notcve.org/view.php?id=CVE-2016-1689
Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. Desbordamiento de buffer basado en memoria dinámica en content/renderer/media/canvas_capture_handler.cc en Google Chrome en versiones anteriores a 51.0.2704.63 permite a atacantes remotos provocar una denegación del servicio o posiblemente tener otro impacto no especificado a través de una página web manipulada. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90876 http://www.securitytracker.com/id/1035981 http://www.ubuntu.com/usn/USN-2992-1 https://access.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •