CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1300 – chromium-browser: Information leak in Blink
https://notcve.org/view.php?id=CVE-2015-1300
03 Sep 2015 — The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call. Vulnerabilidad en la función FrameFetchContext::updateTimingInfoForIFrameNavigation en core/loader/FrameFetchContext.cpp en Blink, como se utili... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1301 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2015-1301
03 Sep 2015 — Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6580
https://notcve.org/view.php?id=CVE-2015-6580
03 Sep 2015 — Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.5.103.29, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 0CVE-2015-6581
https://notcve.org/view.php?id=CVE-2015-6581
03 Sep 2015 — Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure. Vulnerabilidad de liberación doble en la función opj_j2k_copy_default_tcp_and_create_tcd en j2k.c en OpenJPEG en versiones anteriores a r3002, como se utiliza en PDFium en Google Chrome en ver... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6582
https://notcve.org/view.php?id=CVE-2015-6582
03 Sep 2015 — The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site. Vulnerabilidad en la función platform/transforms/TransformationMatrix.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, ... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6583
https://notcve.org/view.php?id=CVE-2015-6583
03 Sep 2015 — Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc. Vulnerabilidad en Google Chrome en versiones anteriores a 45.0.2454.85, no muestra una barra de localización para la ventana de una aplicación alojada después de la navegación fuera de la página de instalación, lo que podría f... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2015-1276 – chromium-browser: Use-after-free in IndexedDB.
https://notcve.org/view.php?id=CVE-2015-1276
23 Jul 2015 — Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation. Vulnerabilidad de uso después de liberación de memoria en content/browser/indexed_db/indexed_db_backing_store.cc, en la implementación de IndexedDB en Google Chrome en versiones anteriores a la 44.... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2015-5605 – chromium-browser: v8 denial of service
https://notcve.org/view.php?id=CVE-2015-5605
23 Jul 2015 — The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message. Vulnerabilidad en la implementación de expresiones regulares en Google V8 de Google Chrome en versiones anteriores a la 44.0.2403.89, no maneja correctamente las interrupciones... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-17: DEPRECATED: Code •
CVSS: 7.8EPSS: 3%CPEs: 9EXPL: 0CVE-2015-1270 – ICU: Uninitialized memory read fixed in Chrome 44.0.2403.89
https://notcve.org/view.php?id=CVE-2015-1270
23 Jul 2015 — The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file. Vulnerabilidad en la función ucnv_io_getConverterName en common/ucnv_io.cpp en International Components for Unicode (ICU), usadas en Google Chrome en ve... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-19: Data Processing Errors •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2015-1271 – chromium-browser: Heap-buffer-overflow in pdfium
https://notcve.org/view.php?id=CVE-2015-1271
23 Jul 2015 — PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation. Vulnerabilidad en PDFium implementado en Google Chrome en versiones anteriores a la 44.0.2403.89, no maneja correctamente ciertas condiciones de out-of-memory, lo cual permite a atacantes remotos causa... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •