CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7834
https://notcve.org/view.php?id=CVE-2015-7834
15 Oct 2015 — Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.6.85.23, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6759 – chromium-browser: Information leakage in LocalStorage
https://notcve.org/view.php?id=CVE-2015-6759
15 Oct 2015 — The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL. La función shouldTreatAsUniqueOrigin en platform/weborigin/SecurityOrigin.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no asegura que el origen de un recurs... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6755 – chromium-browser: cross-origin bypass in Blink
https://notcve.org/view.php?id=CVE-2015-6755
15 Oct 2015 — The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. La función ContainerNode::parserInsertBefore en core/dom/ContainerNode.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, procede con una inserció... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2015-6763 – Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow
https://notcve.org/view.php?id=CVE-2015-6763
15 Oct 2015 — Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 46.0.2490.71 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. There is an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH co... • https://www.exploit-db.com/exploits/38763 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1303 – chromium-browser: Cross-origin bypass in DOM
https://notcve.org/view.php?id=CVE-2015-1303
30 Sep 2015 — bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element. bindings/core/v8/V8DOMWrapper.h en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.101, no realiza una acción de volver a lanzar para propagar información sobre una excepción cro... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1304 – chromium-browser: Cross-origin bypass in V8
https://notcve.org/view.php?id=CVE-2015-1304
30 Sep 2015 — object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call. object-observe.js en Google V8, tal como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.101, no restringe adecuadamente las llamadas a métodos en objetos de acceso verificado, lo que permite a atacantes remotos eludir la Same Origin Policy a t... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1292 – chromium-browser: Cross-origin bypass in ServiceWorker
https://notcve.org/view.php?id=CVE-2015-1292
03 Sep 2015 — The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. Vulnerabilidad en la función NavigatorServiceWorker::serviceWorker en modules/serviceworkers/NavigatorServiceWorker.cpp en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy med... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6582
https://notcve.org/view.php?id=CVE-2015-6582
03 Sep 2015 — The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site. Vulnerabilidad en la función platform/transforms/TransformationMatrix.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, ... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-254: 7PK - Security Features •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1298 – chromium-browser: URL validation error in extensions
https://notcve.org/view.php?id=CVE-2015-1298
03 Sep 2015 — The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninstalled. Vulnerabilidad en la función RuntimeEventRouter::OnExtensionUninstalled en extensions/browser/api/runtime/runtime_api.cc en Google Chrome en versiones an... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2015-6581
https://notcve.org/view.php?id=CVE-2015-6581
03 Sep 2015 — Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure. Vulnerabilidad de liberación doble en la función opj_j2k_copy_default_tcp_and_create_tcd en j2k.c en OpenJPEG en versiones anteriores a r3002, como se utiliza en PDFium en Google Chrome en ver... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html •