ALT-PU-2017-1150-1
Closed vulnerabilities
BDU:2017-00376
Уязвимость браузера Google Chrome, позволяющая нарушителю обойти политику безопасности контента
BDU:2017-00377
Уязвимость браузера Google Chrome, позволяющая нарушителю просматривать оповещения
BDU:2017-00378
Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00379
Уязвимость браузера Google Chrome, позволяющая нарушителю получить доступ к локальным файлам
BDU:2017-00380
Уязвимость браузера Google Chrome, позволяющая нарушителю обойти политику безопасности контента
BDU:2017-00381
Уязвимость браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2017-00382
Уязвимость браузера Google Chrome, позволяющая нарушителю получить доступ к защищаемой информации
BDU:2017-00383
Уязвимость браузера Google Chrome, позволяющая нарушителю просматривать некоторые элементы пользовательского интерфейса
BDU:2017-00384
Уязвимость браузера Google Chrome, позволяющая нарушителю выполнить подмену домена
BDU:2017-00385
Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00386
Уязвимость браузера Google Chrome, позволяющая нарушителю подменить содержимое в Omnibox (URL bar)
BDU:2017-00387
Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00388
Уязвимость браузера Google Chrome, позволяющая нарушителю установить вредоносное расширение
BDU:2017-00389
Уязвимость браузера Google Chrome, позволяющая нарушителю внедрить произвольный скрипт
BDU:2017-00390
Уязвимость браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00391
Уязвимость браузера Google Chrome, позволяющая нарушителю внедрить произвольный скрипт
BDU:2017-00392
Уязвимость браузера Google Chrome, позволяющая нарушителю внедрить произвольный скрипт
BDU:2017-00393
Уязвимость компонента Blink браузера Google Chrome, позволяющая нарушителю внедрить произвольный скрипт
Modified: 2024-11-21
CVE-2017-1000460
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.
- https://bugzilla.libav.org/show_bug.cgi?id=952
- https://bugzilla.libav.org/show_bug.cgi?id=952
- https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c
- https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c
- [debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update
- [debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update
- https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.html
- https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.html
Modified: 2024-11-21
CVE-2017-5006
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/673170
- https://crbug.com/673170
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5007
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/671102
- https://crbug.com/671102
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5008
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/668552
- https://crbug.com/668552
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5009
WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/667504
- https://crbug.com/667504
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5010
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/663476
- https://crbug.com/663476
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5011
Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/662859
- https://crbug.com/662859
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5012
A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/681843
- https://crbug.com/681843
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5013
Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/677716
- https://crbug.com/677716
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5014
Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/675332
- https://crbug.com/675332
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5015
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/673971
- https://crbug.com/673971
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5016
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/673163
- https://crbug.com/673163
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5017
Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/676975
- https://crbug.com/676975
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5018
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/668665
- https://crbug.com/668665
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5019
A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/666714
- https://crbug.com/666714
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5020
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/668653
- https://crbug.com/668653
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5021
A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/663726
- https://crbug.com/663726
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5022
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/663620
- https://crbug.com/663620
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5023
Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/651443
- https://crbug.com/651443
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5024
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/643951
- https://crbug.com/643951
- GLSA-201701-66
- GLSA-201701-66
- GLSA-201705-05
- GLSA-201705-05
Modified: 2024-11-21
CVE-2017-5025
FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/643950
- https://crbug.com/643950
- GLSA-201701-66
- GLSA-201701-66
- GLSA-201705-05
- GLSA-201705-05
Modified: 2024-11-21
CVE-2017-5026
Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page.
- RHSA-2017:0206
- RHSA-2017:0206
- DSA-3776
- DSA-3776
- 95792
- 95792
- 1037718
- 1037718
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
- https://crbug.com/634108
- https://crbug.com/634108
- GLSA-201701-66
- GLSA-201701-66
Modified: 2024-11-21
CVE-2017-5027
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
Modified: 2024-11-21
CVE-2017-5028
Insufficient data validation in V8 in Google Chrome prior to 56.0.2924.76 allowed a remote attacker to leak cross-origin data via a crafted HTML page.