CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1297 – chromium-browser: Permission scoping error in WebRequest
https://notcve.org/view.php?id=CVE-2015-1297
03 Sep 2015 — The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension. Vulnerabilidad en la implementación WebRequest API en extensions/browser/api/web_request/web_request_api.cc en Google Chrome en versiones anteriores a 45.0.2454.85, no considera correctamente una fue... • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-1281 – chromium-browser: CSP bypass in unspecified component
https://notcve.org/view.php?id=CVE-2015-1281
23 Jul 2015 — core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source. Vulnerabilidad en core/loader/ImageLoader.cpp en Blink implementado en Google Chrome en versiones anteriores a la 44.0.2403.89, no determina adecuadamente el contexto V8 de una micro tarea, lo cual permite a atacantes remotos eludir la r... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2015-1280 – chromium-browser: Memory corruption in skia
https://notcve.org/view.php?id=CVE-2015-1280
23 Jul 2015 — SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data. Vulnerabilidad en SkPictureShader.cpp de Skia usado en Google Chrome en versiones anteriores a la 44.0.2403.89. Permite a atacantes remotos causar una denegación de servicio mediante la corrupción de memoria o posiblemente tener otro impact... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-1287 – chromium-browser: SOP bypass with CSS in unspecified
https://notcve.org/view.php?id=CVE-2015-1287
23 Jul 2015 — Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp. Vulnerabilidad en Blink implementado en Google Chrome en versiones anteriores a la 44.0.2403.89, habilita una excepción en el quirks-mode que limita los casos en los que un ... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1284 – chromium-browser: Use-after-free in blink.
https://notcve.org/view.php?id=CVE-2015-1284
23 Jul 2015 — The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements. Vulnerabilidad en la función LocalFrame::isURLAllowed en core/frame/LocalFrame.cpp en Blink impleme... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-20: Improper Input Validation CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-1289 – chromium-browser: Various fixes from internal audits, fuzzing and other initiatives
https://notcve.org/view.php?id=CVE-2015-1289
23 Jul 2015 — Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a la 44.0.2403.89, permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. An uninitialized value issue was discovered in ICU. If a user were tricked in to opening a speciall... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html •
CVSS: 7.8EPSS: 3%CPEs: 9EXPL: 0CVE-2015-1270 – ICU: Uninitialized memory read fixed in Chrome 44.0.2403.89
https://notcve.org/view.php?id=CVE-2015-1270
23 Jul 2015 — The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file. Vulnerabilidad en la función ucnv_io_getConverterName en common/ucnv_io.cpp en International Components for Unicode (ICU), usadas en Google Chrome en ve... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-19: Data Processing Errors •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-1278 – chromium-browser: URL spoofing using pdf files in unspecified
https://notcve.org/view.php?id=CVE-2015-1278
23 Jul 2015 — content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document. Vulnerabilidad en content/browser/web_contents/web_contents_impl.cc en Google Chrome en versiones anteriores a la 44.0.2403.89, no asegura que el diálogo modal de un documento PDF esté cerrado en la navega... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-1285 – chromium-browser: Information leak in XSS auditor.
https://notcve.org/view.php?id=CVE-2015-1285
23 Jul 2015 — The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack. Vulnerabilidad en la función XSSAuditor::canonicalize en core/html/parser/XSSAuditor.cpp en el auditor XSS en Blink, usado en Google Chrome en versiones anteriores a la 44.0.2403.89, no elige correctamente... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2015-1274 – chromium-browser: Settings allowed executable files to run immediately after download in unsepcified
https://notcve.org/view.php?id=CVE-2015-1274
23 Jul 2015 — Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc. Vulnerabilidad en versiones anteriores a la 44.0.2403.89 de Google Chrome, no asegura que la lista de auto-apertura, omita todos los tipos de archivos peligrosos. Lo cual permite q... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-254: 7PK - Security Features •