CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6755 – chromium-browser: cross-origin bypass in Blink
https://notcve.org/view.php?id=CVE-2015-6755
15 Oct 2015 — The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. La función ContainerNode::parserInsertBefore en core/dom/ContainerNode.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, procede con una inserció... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2015-6756 – chromium-browser: use-after-free in PDFium
https://notcve.org/view.php?id=CVE-2015-6756
15 Oct 2015 — Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging mishandling of a focused annotation in a PDF document. Vulnerabilidad de uso después de liberación de memoria en la implementación CPDFSDK_PageView en fpdfsdk/src/fsdk_mgr.cpp en PDFium, como se utiliza en Google Chrome en ve... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6757 – chromium-browser: Use-after-free in ServiceWorker
https://notcve.org/view.php?id=CVE-2015-6757
15 Oct 2015 — Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback. Vulnerabilidad de uso después de liberación de memoria en content/browser/service_worker/embedded_worker_instance.cc en la implementación ServiceWorker en Google Chrome en versiones anteriores a 46.0.2490.... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2015-6758 – chromium-browser: Bad-cast in PDFium
https://notcve.org/view.php?id=CVE-2015-6758
15 Oct 2015 — The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. La función CPDF_Document::GetPage en fpdfapi/fpdf_parser/fpdf_parser_document.cpp en PDFium, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no lleva a cabo cor... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-17: DEPRECATED: Code CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6759 – chromium-browser: Information leakage in LocalStorage
https://notcve.org/view.php?id=CVE-2015-6759
15 Oct 2015 — The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL. La función shouldTreatAsUniqueOrigin en platform/weborigin/SecurityOrigin.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no asegura que el origen de un recurs... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6760 – chromium-browser: Improper error handling in libANGLE
https://notcve.org/view.php?id=CVE-2015-6760
15 Oct 2015 — The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device. La función Image11::map en renderer/d3d/d3d11/Image11.cpp en libANGLE, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no maneja correctamente los fa... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6761 – chromium-browser: Memory corruption in FFMpeg
https://notcve.org/view.php?id=CVE-2015-6761
15 Oct 2015 — The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file. La función update_dimensions en libavcodec/vp8.c en FFmpeg hasta la versión 2.8.1, como se utiliza en Google Chrome en versiones ante... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=dabea74d0e82ea80cd344f630497cafcb3ef872c • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6762 – chromium-browser: CORS bypass in CSS fonts
https://notcve.org/view.php?id=CVE-2015-6762
15 Oct 2015 — The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows remote web servers to bypass the Same Origin Policy via a redirect. La función CSSFontFaceSrcValue::fetch en core/css/CSSFontFaceSrcValue.cpp en la implementación Cascading Style Sheets (CSS) en Blink, como se ut... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2015-6763 – Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow
https://notcve.org/view.php?id=CVE-2015-6763
15 Oct 2015 — Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 46.0.2490.71 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. There is an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH co... • https://www.exploit-db.com/exploits/38763 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1303 – chromium-browser: Cross-origin bypass in DOM
https://notcve.org/view.php?id=CVE-2015-1303
30 Sep 2015 — bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element. bindings/core/v8/V8DOMWrapper.h en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.101, no realiza una acción de volver a lanzar para propagar información sobre una excepción cro... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html • CWE-20: Improper Input Validation CWE-284: Improper Access Control •