CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2015-6792 – chromium-browser: Fixes from internal audits and fuzzing
https://notcve.org/view.php?id=CVE-2015-6792
17 Dec 2015 — The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664. El subsistema MIDI en Google Chrome en versiones anteriores a la 47.0.2526.106 no maneja correctamente el envío de datos, lo que permite a atacantes remotos e... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8548 – v8: multiple vulnerabilities fixed in 4.7.80.23
https://notcve.org/view.php?id=CVE-2015-8548
14 Dec 2015 — Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.7.80.23, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.80, permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través ... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2015-6788 – chromium-browser: Type confusion in extensions
https://notcve.org/view.php?id=CVE-2015-6788
14 Dec 2015 — The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." La clase ObjectBackedNativeHandler en extensions/renderer/object_backed_native_handler.cc en el subsistema de extensiones en Google Chrome en versiones anteriores a 47.0.... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6789 – chromium-browser: Use-after free in Blink
https://notcve.org/view.php?id=CVE-2015-6789
14 Dec 2015 — Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion. Condición de carrera en la implementación MutationObserver en Blink, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.80, permite a atacantes remotos causar una denegación de servicio (uso después de liberación de memoria) o ... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6790 – chromium-browser: Escaping issue in saved pages
https://notcve.org/view.php?id=CVE-2015-6790
14 Dec 2015 — The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string. La función WebPageSerializerImpl::openTagToString en WebKit/Source/web/WebPageSerializerImpl.cpp en el serializador de página en Google Chrome ... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6791 – chromium-browser: Various fixes from internal audits, fuzzing and other initiatives
https://notcve.org/view.php?id=CVE-2015-6791
14 Dec 2015 — Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 47.0.2526.80 permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8478 – v8: multiple vulnerabilities fixed in 4.7.80.23
https://notcve.org/view.php?id=CVE-2015-8478
06 Dec 2015 — Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.73, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.7.80.23, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.73, permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8479 – chromium-browser: Various fixes from internal audits
https://notcve.org/view.php?id=CVE-2015-8479
06 Dec 2015 — Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device.cc in Google Chrome before 47.0.2526.73 allows attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering access to an unauthorized audio output device. Vulnerabilidad de uso después de liberación de memoria en la función AudioOutputDevice::OnDeviceAuthorized en media/audio/audio_output_device.cc en Google Chrome en versiones anter... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8480 – chromium-browser: Various fixes from internal audits
https://notcve.org/view.php?id=CVE-2015-8480
06 Dec 2015 — The VideoFramePool::PoolImpl::CreateFrame function in media/base/video_frame_pool.cc in Google Chrome before 47.0.2526.73 does not initialize memory for a video-frame data structure, which might allow remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact by leveraging improper interaction with the vp3_h_loop_filter_c function in libavcodec/vp3dsp.c in FFmpeg. La función VideoFramePool::PoolImpl::CreateFrame en media/base/video_frame_pool.cc en ... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-6783
https://notcve.org/view.php?id=CVE-2015-6783
06 Dec 2015 — The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP archive. La función FindStartOffsetOfFileInZipFile en crazy_linker_zip.cpp en crazy_linker (también conocida como Crazy Linker) en Android 5.x y 6.x, como se utiliza en Google Chrome en versiones anteriores a 47.0... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html • CWE-20: Improper Input Validation •