CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2015-6778 – chromium-browser: Out of bounds access in PDFium
https://notcve.org/view.php?id=CVE-2015-6778
03 Dec 2015 — The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a PDF document containing crafted data with JBIG2 compression. La clase CJBig2_SymbolDict en fxcodec/jbig2/JBig2_SymbolDict.cpp en PDFium, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.73, permite a atacantes remotos causar una denegació... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6779 – chromium-browser: Scheme bypass in PDFium
https://notcve.org/view.php?id=CVE-2015-6779
03 Dec 2015 — PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL. PDFium, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.73, no restringe adecuadamente el uso de chrome: URLs, lo que permite a atacantes remotos eludir las restricciones de esquema previstas a través de un documento PDF m... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6780 – chromium-browser: Use-after-free in Infobars
https://notcve.org/view.php?id=CVE-2015-6780
03 Dec 2015 — Use-after-free vulnerability in the Infobars implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site, related to browser/ui/views/website_settings/website_settings_popup_view.cc. Vulnerabilidad de uso después de liberación de memoria en la implementación de Infobars en Google Chrome en versiones anteriores a 47.0.2526.73 permite a atacantes remotos causar una denegación de servicio o posiblement... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6781 – chromium-browser: Integer overflow in Sfntly
https://notcve.org/view.php?id=CVE-2015-6781
03 Dec 2015 — Integer overflow in the FontData::Bound function in data/font_data.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted offset or length value within font data in an SFNT container. Desbordamiento de entero en la función FontData::Bound en data/font_data.cc en Google sfntly, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.73, permite a atacantes remotos causar una d... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6782 – chromium-browser: Content spoofing in Omnibox
https://notcve.org/view.php?id=CVE-2015-6782
03 Dec 2015 — The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site. La función Document::open en WebKit/Source/core/dom/Document.cpp en Google Chrome en versiones anteriores a 47.0.2526.73 no asegura que el manejo de eventos page-dismissal sea compatible con el bloqueo modal-dialog, lo que ... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6784 – chromium-browser: Escaping issue in saved pages
https://notcve.org/view.php?id=CVE-2015-6784
03 Dec 2015 — The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafted URL, as demonstrated by an initial http://example.com?-- substring. El serializador de página en Google Chrome en versiones anteriores a 47.0.2526.73 no maneja correctamente los comentarios Mark de la Web (MOTW) para URLs que contienen una secuencia '--', lo que puede permitir a atacantes remotos inyectar HTML... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6785 – chromium-browser: Wildcard matching issue in CSP
https://notcve.org/view.php?id=CVE-2015-6785
03 Dec 2015 — The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a policy that was intended to be specific to subdomains. La función CSPSource::hostMatches en WebKit/Source/core/frame/csp/CSPSource.cpp en la implementación de la Co... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6786 – chromium-browser: Scheme bypass in CSP
https://notcve.org/view.php?id=CVE-2015-6786
03 Dec 2015 — The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a * pattern, which allows remote attackers to bypass intended scheme restrictions in opportunistic circumstances by leveraging a policy that relies on this pattern. La función CSPSourceList::matches en WebKit/Source/core/frame/csp/CSPSourceList.cpp en la implementación de la Con... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1302 – chromium-browser: information leak in PDF viewer
https://notcve.org/view.php?id=CVE-2015-1302
11 Nov 2015 — The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc. El visor PDF en Google Chrome en versiones anteriores a 46.0.2490.86 no restringe adecuadamente mensajes de programación de secuencias de comandos y la exposición de la API, lo que permite a atacantes remotos eludir la Same Or... • http://googlechromereleases.blogspot.com/2015/11/stable-channel-update.html • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7834
https://notcve.org/view.php?id=CVE-2015-7834
15 Oct 2015 — Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.6.85.23, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html •