CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1292 – chromium-browser: Cross-origin bypass in ServiceWorker
https://notcve.org/view.php?id=CVE-2015-1292
03 Sep 2015 — The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. Vulnerabilidad en la función NavigatorServiceWorker::serviceWorker en modules/serviceworkers/NavigatorServiceWorker.cpp en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy med... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1293 – chromium-browser: Cross-origin bypass in DOM
https://notcve.org/view.php?id=CVE-2015-1293
03 Sep 2015 — The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Vulnerabilidad en la implementación DOM en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1294 – chromium-browser: Use-after-free in Skia
https://notcve.org/view.php?id=CVE-2015-1294
03 Sep 2015 — Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation. Vulnerabilidad de uso después de liberación en la memoria en la función SkMatrix::invertNonIdentity en core/SkMatrix.cpp en Skia, como se utiliza en Google Chrome... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1295 – chromium-browser: Use-after-free in Printing
https://notcve.org/view.php?id=CVE-2015-1295
03 Sep 2015 — Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities. Múltiples vulnerabilidades de uso después de liberación ... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1296 – chromium-browser: Character spoofing in omnibox
https://notcve.org/view.php?id=CVE-2015-1296
03 Sep 2015 — The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages. Vulnerabilidad en la implementación UnescapeURLWithAdjustmentsImpl en net/base/escape.cc en Google Chrome en versiones anteriores a ... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-254: 7PK - Security Features •
CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1297 – chromium-browser: Permission scoping error in WebRequest
https://notcve.org/view.php?id=CVE-2015-1297
03 Sep 2015 — The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension. Vulnerabilidad en la implementación WebRequest API en extensions/browser/api/web_request/web_request_api.cc en Google Chrome en versiones anteriores a 45.0.2454.85, no considera correctamente una fue... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1299 – chromium-browser: Use-after-free in Blink
https://notcve.org/view.php?id=CVE-2015-1299
03 Sep 2015 — Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp. Vulnerabilidad de uso después de liberación en la memoria en la implementación shared-timer en Blink, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos causar una de... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1300 – chromium-browser: Information leak in Blink
https://notcve.org/view.php?id=CVE-2015-1300
03 Sep 2015 — The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call. Vulnerabilidad en la función FrameFetchContext::updateTimingInfoForIFrameNavigation en core/loader/FrameFetchContext.cpp en Blink, como se utili... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1301 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2015-1301
03 Sep 2015 — Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6580
https://notcve.org/view.php?id=CVE-2015-6580
03 Sep 2015 — Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.5.103.29, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html •