Page 570 of 3368 results (0.017 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

The WebUI privilege implementation in Google Chrome before 17.0.963.83 does not properly perform isolation, which allows remote attackers to bypass intended access restrictions via unspecified vectors. La implementación de privilegios de WebUI en Google Chrome antes de v17.0.963.83 no realiza correctamente el aislamiento, lo que permite a atacantes remotos eludir restricciones de acceso a través de vectores no especificados. • http://code.google.com/p/chromium/issues/detail?id=117418 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html http://osvdb.org/80292 http://secunia.com/advisories/48512 http://secunia.com/advisories/48527 http://security.gentoo.org/glsa/glsa-201203-19.xml http://www.securityfocus.com/bid/52674 http://www.securitytracker.com/id?1026841 https://exchange.xforce.ibmcloud.com/vulnerabilities • CWE-269: Improper Privilege Management •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension. La interfaz de usuario nativa en Google Chrome antes de v17.0.963.83 no solicita confirmación del usuario antes de una instalación de extensión no empaquetada, lo que permite a atacantes remotos con la ayuda del usuario local a tener un impacto no especificado a través de una extensión diseñada a mano. • http://code.google.com/p/chromium/issues/detail?id=117736 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html http://secunia.com/advisories/48512 http://secunia.com/advisories/48527 http://security.gentoo.org/glsa/glsa-201203-19.xml http://www.securityfocus.com/bid/52674 http://www.securitytracker.com/id?1026841 https://exchange.xforce.ibmcloud.com/vulnerabilities/74215 https://oval.cis • CWE-306: Missing Authentication for Critical Function •

CVSS: 6.8EPSS: 18%CPEs: 18EXPL: 0

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. El error de signo de entero en pngrutil.c en libpng antes v1.4.10beta01, tal y como se utiliza en Google Chrome antes de v17.0.963.83 y otros productos, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de un archivo PNG especificamente diseñado para este fin. Se trata de una vulnerabilidad diferente a CVE-2011-3026. • http://code.google.com/p/chromium/issues/detail?id=116162 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html http://lists.fedoraproj • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0

The GPU process in Google Chrome before 17.0.963.79 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an error in the plug-in loading mechanism. El proceso de GPU en Google Chrome antes de v17.0.963.79 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) aprovechandose de un error en el mecanismo de carga de plugins. • http://code.google.com/p/chromium/issues/detail?id=117620 http://code.google.com/p/chromium/issues/detail?id=117656 http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update_10.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html http://secunia.com/advisories/48375 http://secunia.com/advisories/48419 http://secunia.com/advisories/48527 http://security.gentoo.org/glsa/glsa-201203-19.xml http://www.securityfocus.com/bid/52395 https://exchange& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0

The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue. El subsistema de extensión en Google Chrome antes de v17.0.963.78 no gestiona adecuadamente el historial de navegación, lo que permite a atacantes remotos ejecutar código de su elección qaprovechandose de un problema "XSS universal(UXSS)". • http://code.google.com/p/chromium/issues/detail?id=117226 http://code.google.com/p/chromium/issues/detail?id=117230 http://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.html http://lists.apple.com/archives/security-announce/2012/May/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html http://secunia.com/advisories/47292 http://secunia.com/advisories/48321 http • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •