» 2017 » 2월

CVE-2017-5023 (chrome)

Posted on 2017년 2월 17일2017년 2월 18일 by admin

CVE-2017-5023 (chrome)

Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page.

Source: CVE-2017-5023 (chrome)

CVE-2017-5022 (chrome)

Posted on 2017년 2월 17일2017년 2월 18일 by admin

CVE-2017-5022 (chrome)

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.

Source: CVE-2017-5022 (chrome)

CVE-2017-5020 (chrome)

Posted on 2017년 2월 17일2017년 2월 18일 by admin

CVE-2017-5020 (chrome)

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page.

Source: CVE-2017-5020 (chrome)

CVE-2017-5019 (chrome)

Posted on 2017년 2월 17일2017년 2월 18일 by admin

CVE-2017-5019 (chrome)

A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Source: CVE-2017-5019 (chrome)

CVE-2017-5014 (chrome)

Posted on 2017년 2월 17일2017년 2월 18일 by admin

CVE-2017-5014 (chrome)

Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Source: CVE-2017-5014 (chrome)

CVE-2017-5013 (chrome)

Posted on 2017년 2월 17일2017년 2월 18일 by admin

CVE-2017-5013 (chrome)

Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Source: CVE-2017-5013 (chrome)

CVE-2017-5015 (chrome)

Posted on 2017년 2월 17일2017년 2월 18일 by admin

CVE-2017-5015 (chrome)

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.

Source: CVE-2017-5015 (chrome)

CVE-2017-5027

Posted on 2017년 2월 17일2017년 2월 17일 by admin

CVE-2017-5027

Source: CVE-2017-5027

CVE-2017-5008

Posted on 2017년 2월 17일2017년 2월 17일 by admin

CVE-2017-5008

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

Source: CVE-2017-5008

CVE-2017-5009

Posted on 2017년 2월 17일2017년 2월 17일 by admin

CVE-2017-5009

WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Source: CVE-2017-5009