
CVE-2015-1299 – chromium-browser: Use-after-free in Blink
https://notcve.org/view.php?id=CVE-2015-1299
03 Sep 2015 — Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html • CWE-416: Use After Free

CVE-2015-1283 – chromium-browser: Heap-buffer-overflow in expat.
https://notcve.org/view.php?id=CVE-2015-1283
23 Jul 2015 — Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-122: Heap-based Buffer Overflow • CWE-190: Integer Overflow or Wraparound

CVE-2015-1275 – Gentoo Linux Security Advisory 201603-09
https://notcve.org/view.php?id=CVE-2015-1275
23 Jul 2015 — Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka "Universal XSS (UXSS)." • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-1282 – chromium-browser: Use-after-free in pdfium.
https://notcve.org/view.php?id=CVE-2015-1282
23 Jul 2015 — Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-416: Use After Free

CVE-2015-5605 – chromium-browser: v8 denial of service
https://notcve.org/view.php?id=CVE-2015-5605
23 Jul 2015 — The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-17: DEPRECATED: Code

CVE-2015-1281 – chromium-browser: CSP bypass in unspecified component
https://notcve.org/view.php?id=CVE-2015-1281
23 Jul 2015 — core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-254: 7PK - Security Features

CVE-2015-1277 – chromium-browser: Use-after-free in accessibility.
https://notcve.org/view.php?id=CVE-2015-1277
23 Jul 2015 — Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-416: Use After Free

CVE-2015-1278 – chromium-browser: URL spoofing using pdf files in unspecified
https://notcve.org/view.php?id=CVE-2015-1278
23 Jul 2015 — content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-254: 7PK - Security Features

CVE-2015-1288 – chromium-browser: Spell checking dictionaries fetched over HTTP in unspecified
https://notcve.org/view.php?id=CVE-2015-1288
23 Jul 2015 — The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-17: DEPRECATED: Code

CVE-2015-1285 – chromium-browser: Information leak in XSS auditor.
https://notcve.org/view.php?id=CVE-2015-1285
23 Jul 2015 — The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor