CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6769 – chromium-browser: Cross-origin bypass in core
https://notcve.org/view.php?id=CVE-2015-6769
03 Dec 2015 — The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveraging a delay in window proxy clearing. La implementación del envío de carga provisional en WebKit/Source/bindings/core/v8/WindowProxy.cpp en Google Chrome en versiones anteriores a 47.0.2526.73 permite a atacantes remotos eludir la Same Origin Policy mediante el aprovechamiento de un retraso en la desactivación del... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6770 – chromium-browser: Cross-origin bypass in DOM
https://notcve.org/view.php?id=CVE-2015-6770
03 Dec 2015 — The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768. La implementación del DOM en Google Chrome en versiones anteriores a 47.0.2526.73 permite a atacantes remotos eludir la Same Origin Policy a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-6768. Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1302 – chromium-browser: information leak in PDF viewer
https://notcve.org/view.php?id=CVE-2015-1302
11 Nov 2015 — The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc. El visor PDF en Google Chrome en versiones anteriores a 46.0.2490.86 no restringe adecuadamente mensajes de programación de secuencias de comandos y la exposición de la API, lo que permite a atacantes remotos eludir la Same Or... • http://googlechromereleases.blogspot.com/2015/11/stable-channel-update.html • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6755 – chromium-browser: cross-origin bypass in Blink
https://notcve.org/view.php?id=CVE-2015-6755
15 Oct 2015 — The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. La función ContainerNode::parserInsertBefore en core/dom/ContainerNode.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, procede con una inserció... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2015-6756 – chromium-browser: use-after-free in PDFium
https://notcve.org/view.php?id=CVE-2015-6756
15 Oct 2015 — Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging mishandling of a focused annotation in a PDF document. Vulnerabilidad de uso después de liberación de memoria en la implementación CPDFSDK_PageView en fpdfsdk/src/fsdk_mgr.cpp en PDFium, como se utiliza en Google Chrome en ve... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6757 – chromium-browser: Use-after-free in ServiceWorker
https://notcve.org/view.php?id=CVE-2015-6757
15 Oct 2015 — Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback. Vulnerabilidad de uso después de liberación de memoria en content/browser/service_worker/embedded_worker_instance.cc en la implementación ServiceWorker en Google Chrome en versiones anteriores a 46.0.2490.... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2015-6758 – chromium-browser: Bad-cast in PDFium
https://notcve.org/view.php?id=CVE-2015-6758
15 Oct 2015 — The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. La función CPDF_Document::GetPage en fpdfapi/fpdf_parser/fpdf_parser_document.cpp en PDFium, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no lleva a cabo cor... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-17: DEPRECATED: Code CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6759 – chromium-browser: Information leakage in LocalStorage
https://notcve.org/view.php?id=CVE-2015-6759
15 Oct 2015 — The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL. La función shouldTreatAsUniqueOrigin en platform/weborigin/SecurityOrigin.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no asegura que el origen de un recurs... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6760 – chromium-browser: Improper error handling in libANGLE
https://notcve.org/view.php?id=CVE-2015-6760
15 Oct 2015 — The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device. La función Image11::map en renderer/d3d/d3d11/Image11.cpp en libANGLE, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no maneja correctamente los fa... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6761 – chromium-browser: Memory corruption in FFMpeg
https://notcve.org/view.php?id=CVE-2015-6761
15 Oct 2015 — The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file. La función update_dimensions en libavcodec/vp8.c en FFmpeg hasta la versión 2.8.1, como se utiliza en Google Chrome en versiones ante... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=dabea74d0e82ea80cd344f630497cafcb3ef872c • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •