CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6760 – chromium-browser: Improper error handling in libANGLE
https://notcve.org/view.php?id=CVE-2015-6760
15 Oct 2015 — The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device. La función Image11::map en renderer/d3d/d3d11/Image11.cpp en libANGLE, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no maneja correctamente los fa... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6761 – chromium-browser: Memory corruption in FFMpeg
https://notcve.org/view.php?id=CVE-2015-6761
15 Oct 2015 — The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file. La función update_dimensions en libavcodec/vp8.c en FFmpeg hasta la versión 2.8.1, como se utiliza en Google Chrome en versiones ante... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=dabea74d0e82ea80cd344f630497cafcb3ef872c • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6762 – chromium-browser: CORS bypass in CSS fonts
https://notcve.org/view.php?id=CVE-2015-6762
15 Oct 2015 — The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows remote web servers to bypass the Same Origin Policy via a redirect. La función CSSFontFaceSrcValue::fetch en core/css/CSSFontFaceSrcValue.cpp en la implementación Cascading Style Sheets (CSS) en Blink, como se ut... • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2015-6763 – Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow
https://notcve.org/view.php?id=CVE-2015-6763
15 Oct 2015 — Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 46.0.2490.71 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. There is an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH co... • https://www.exploit-db.com/exploits/38763 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1303 – chromium-browser: Cross-origin bypass in DOM
https://notcve.org/view.php?id=CVE-2015-1303
30 Sep 2015 — bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element. bindings/core/v8/V8DOMWrapper.h en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.101, no realiza una acción de volver a lanzar para propagar información sobre una excepción cro... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1304 – chromium-browser: Cross-origin bypass in V8
https://notcve.org/view.php?id=CVE-2015-1304
30 Sep 2015 — object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call. object-observe.js en Google V8, tal como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.101, no restringe adecuadamente las llamadas a métodos en objetos de acceso verificado, lo que permite a atacantes remotos eludir la Same Origin Policy a t... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html • CWE-284: Improper Access Control •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1298 – chromium-browser: URL validation error in extensions
https://notcve.org/view.php?id=CVE-2015-1298
03 Sep 2015 — The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninstalled. Vulnerabilidad en la función RuntimeEventRouter::OnExtensionUninstalled en extensions/browser/api/runtime/runtime_api.cc en Google Chrome en versiones an... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1291 – chromium-browser: Cross-origin bypass in DOM
https://notcve.org/view.php?id=CVE-2015-1291
03 Sep 2015 — The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements. Vulnerabilidad en la función ContainerNode::parserRemoveChild en core/dom/ContainerNode.cpp en Blink, cómo se utiliza en Google Chrome en versiones anteriores... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1292 – chromium-browser: Cross-origin bypass in ServiceWorker
https://notcve.org/view.php?id=CVE-2015-1292
03 Sep 2015 — The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. Vulnerabilidad en la función NavigatorServiceWorker::serviceWorker en modules/serviceworkers/NavigatorServiceWorker.cpp en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy med... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1293 – chromium-browser: Cross-origin bypass in DOM
https://notcve.org/view.php?id=CVE-2015-1293
03 Sep 2015 — The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Vulnerabilidad en la implementación DOM en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •