CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1262 – chromium-browser: Uninitialized value in Blink.
https://notcve.org/view.php?id=CVE-2015-1262
20 May 2015 — platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text. platform/fonts/shaping/HarfBuzzShaper.cpp en Blink, utilizado en Google Chrome anterior a 43.0.2357.65, no inicializa cierto campo de anchura, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impact... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-17: DEPRECATED: Code CWE-456: Missing Initialization of a Variable •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1255 – chromium-browser: Use-after-free in WebAudio.
https://notcve.org/view.php?id=CVE-2015-1255
20 May 2015 — Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track. Vulnerabilidad de uso después de liberación en content/renderer/media/webaudio_capturer_source.cc en la implementación WebAudio en Google Chrome anterior a 43.0.2357.65 per... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1260 – chromium-browser: Use-after-free in WebRTC.
https://notcve.org/view.php?id=CVE-2015-1260
20 May 2015 — Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request. Múltiples vulnerabilidades de uso después de liberación en content/renderer/media/user_media_client_impl.cc en la implementación WebRTC en Google Chrome anterior a 43.0.2357.6... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1264 – chromium-browser: Cross-site scripting in bookmarks.
https://notcve.org/view.php?id=CVE-2015-1264
20 May 2015 — Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature. Vulnerabilidad de XSS en Google Chrome anterior a 43.0.2357.65 permite a atacantes remotos asistidos por usuario inyectar secuencias de comandos web arbitrarios o HTMl a través de datos manipulados que son manejados incorrectamente por la característica de favoritos (Bookmarks). Chromiu... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1254 – chromium-browser: Cross-origin bypass in Editing.
https://notcve.org/view.php?id=CVE-2015-1254
20 May 2015 — core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing. core/dom/Document.cpp en Blink, utilizado en Google Chrome anterior a 43.0.2357.65, habilita la herencia del atributo designMode, lo que permite a atacantes remotos evadir Same Origin Policy mediante el aprovechamiento de la disponibilidad de la edición. Several security iss... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 2%CPEs: 2EXPL: 0CVE-2015-1252 – chromium-browser: Sandbox escape in Chrome.
https://notcve.org/view.php?id=CVE-2015-1252
20 May 2015 — common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions. common/partial_circular_buffer.cc en Google Chrome anterior a 43.0.2357.65 no maneja correctamente los envoltorios, lo que pe... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0CVE-2015-1257 – chromium-browser: Container-overflow in SVG.
https://notcve.org/view.php?id=CVE-2015-1257
20 May 2015 — platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document. platform/graphics/filters/FEColorMatrix.cpp en la implementación SVG en Blink, utilizado en Google Chrome anterior a 43.0.2357.65, no maneja correctamente... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0CVE-2015-1258 – chromium-browser: Negative-size parameter in Libvpx.
https://notcve.org/view.php?id=CVE-2015-1258
20 May 2015 — Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data. Google Chrome anterior a 43.0.2357.65 depende de código libvpx que no fue construido con un valor --size-limit apropiado, lo que permite a atacantes remotos provocar un valor negativo para un... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1253 – chromium-browser: Cross-origin bypass in DOM.
https://notcve.org/view.php?id=CVE-2015-1253
20 May 2015 — core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. core/html/parser/HTMLConstructionSite.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 43.0.2357.65, permite a atacantes remotos evadir Same Origin Policy a través de código Ja... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1259 – chromium-browser: Uninitialized value in PDFium.
https://notcve.org/view.php?id=CVE-2015-1259
20 May 2015 — PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. PDFium, utilizado en Google Chrome anterior a 43.0.2357.65, no inicializa la memoria correctamente, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. Chromium is an open-source web browser, power... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-17: DEPRECATED: Code CWE-456: Missing Initialization of a Variable •