CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2015-1273 – chromium-browser: Heap-buffer-overflow in pdfium.
https://notcve.org/view.php?id=CVE-2015-1273
23 Jul 2015 — Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document. Vulnerabilidad de desbordamiento de buffer basada en memoria en j2k.c en OpenJPEG en sus versiones anteriores a r3002, implementado PDFium en Google Chrome en versiones anteriores a la 4.0.2403.89. Permite a atacantes remotos causar una denegación de ser... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2015-1277 – chromium-browser: Use-after-free in accessibility.
https://notcve.org/view.php?id=CVE-2015-1277
23 Jul 2015 — Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures. Vulnerabilidad de uso después de liberación de memoria en la implementación de accesibilidad en Google Chrome en versiones anteriores a la 44.0.2403.89. Permite a atacantes remotos causar una denegación de servicio o posiblemente... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2015-1275 – Gentoo Linux Security Advisory 201603-09
https://notcve.org/view.php?id=CVE-2015-1275
23 Jul 2015 — Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka "Universal XSS (UXSS)." Vulnerabilidad de XSS en org/chromium/chrome/browser/UrlUtilities.java en Google Chrome en versiones anteriores a la 44.0.2403.89 en Android. Permite a atacantes remotos inyectar arbitraria... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-1288 – chromium-browser: Spell checking dictionaries fetched over HTTP in unspecified
https://notcve.org/view.php?id=CVE-2015-1288
23 Jul 2015 — The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263. Vulnerabilidad en la implementación de Spellcheck API en Google Chrome en versiones anteriores a la 44.0.2403.89, no usa una sesión HTTPS para la descarga de un diccionario Hunspell, lo cual pe... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-17: DEPRECATED: Code •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-1272 – chromium-browser: Use-after-free related to unexpected GPU process termination in unspecified
https://notcve.org/view.php?id=CVE-2015-1272
23 Jul 2015 — Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and content/renderer/render_thread_impl.cc. Vulnerabilidad de uso después de liberación de memoria en la implementación de procesos de la GPU en Google... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2015-1282 – chromium-browser: Use-after-free in pdfium.
https://notcve.org/view.php?id=CVE-2015-1282
23 Jul 2015 — Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions. Múltiples vulnerabilidades de uso después de liberación de memoria en fpdfsdk/src/javascript/Document.cpp en PDFium implementada en Google Chrome en versiones anteriores a la 44... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2015-1276 – chromium-browser: Use-after-free in IndexedDB.
https://notcve.org/view.php?id=CVE-2015-1276
23 Jul 2015 — Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation. Vulnerabilidad de uso después de liberación de memoria en content/browser/indexed_db/indexed_db_backing_store.cc, en la implementación de IndexedDB en Google Chrome en versiones anteriores a la 44.... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2015-1271 – chromium-browser: Heap-buffer-overflow in pdfium
https://notcve.org/view.php?id=CVE-2015-1271
23 Jul 2015 — PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation. Vulnerabilidad en PDFium implementado en Google Chrome en versiones anteriores a la 44.0.2403.89, no maneja correctamente ciertas condiciones de out-of-memory, lo cual permite a atacantes remotos causa... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-1286 – chromium-browser: UXSS in blink.
https://notcve.org/view.php?id=CVE-2015-1286
23 Jul 2015 — Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)." Vulnerabilidad de XSS en la función V8ContextNativeHandler::GetModuleSystem en extensions/renderer/v8_context_native_handler.cc en Google Chrome en versiones anteriore... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2015-1279 – chromium-browser: Heap-buffer-overflow in pdfium.
https://notcve.org/view.php?id=CVE-2015-1279
23 Jul 2015 — Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values. Desbordamiento de enteros en la función CJBig2_Image::expand en fxcodec/jbig2/JBig2_Image.cpp en PDFium implementado en Google Chrome en versiones anteriores a la 44.0.2403.89. Permite a atacantes remotos cau... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •