CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2016-5128 – chromium-browser: same-origin bypass in v8
https://notcve.org/view.php?id=CVE-2016-5128
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. objects.cc en Google V8 en versiones anteriores a 5.2.361.27, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, no impide que los interceptores de la API modifiquen un objetivo de almacenamiento sin ajustar una propiedad, lo que permite a atacantes remotos eludir la Same Origin Policy a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html http://rhn.redhat.com/errata/RHSA-2016-1485.html http://www.debian.org/security/2016/dsa-3637 http://www.securityfocus.com/ • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-5129 – chromium-browser: memory corruption in v8
https://notcve.org/view.php?id=CVE-2016-5129
Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. Google V8 en versiones anteriores a 5.2.361.32, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, no procesa adecuadamente los objetos recortados por la izquierda, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html http://rhn.redhat.com/errata/RHSA-2016-1485.html http://www.debian.org/security/2016/dsa-3637 http://www.securityfocus.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •