CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2015-5605 – chromium-browser: v8 denial of service
https://notcve.org/view.php?id=CVE-2015-5605
23 Jul 2015 — The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message. Vulnerabilidad en la implementación de expresiones regulares en Google V8 de Google Chrome en versiones anteriores a la 44.0.2403.89, no maneja correctamente las interrupciones... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-17: DEPRECATED: Code •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1266 – chromium-browser: Scheme validation error in WebUI
https://notcve.org/view.php?id=CVE-2015-1266
25 Jun 2015 — content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests. content/browser/webui/content_web_ui_controller_factory.cc en Google Chrome anterior a 43.0.2357.130 no considera corr... • http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html • CWE-254: 7PK - Security Features •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1267 – chromium-browser: Cross-origin bypass in Blink
https://notcve.org/view.php?id=CVE-2015-1267
25 Jun 2015 — Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFileSystem.cpp. Blink, utilizado en Google Chrome anterior a 43.0.2357.130, no restringe correctamente el contexto de la creación durante la creación de un envoltorio DOM, lo ... • http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1269 – chromium-browser: Normalization error in HSTS/HPKP preload list
https://notcve.org/view.php?id=CVE-2015-1269
25 Jun 2015 — The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase. La función DecodeHSTSPreloadRaw en net/http/transport_security_state.cc en Google Chrome anterior a 43.0.2357.130 no canonicaliza correctamente... • http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html • CWE-254: 7PK - Security Features •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1268 – chromium-browser: Cross-origin bypass in Blink
https://notcve.org/view.php?id=CVE-2015-1268
25 Jun 2015 — bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL. bindings/scripts/v8_types.py en Blink, utilizado en Google Chrome anterior a 43.0.2357.130, no selecciona correctamente un contexto de la creación para el envoltorio DOM de un valor de retorno, lo que permite a atacan... • http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1262 – chromium-browser: Uninitialized value in Blink.
https://notcve.org/view.php?id=CVE-2015-1262
20 May 2015 — platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text. platform/fonts/shaping/HarfBuzzShaper.cpp en Blink, utilizado en Google Chrome anterior a 43.0.2357.65, no inicializa cierto campo de anchura, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impact... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-17: DEPRECATED: Code CWE-456: Missing Initialization of a Variable •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1255 – chromium-browser: Use-after-free in WebAudio.
https://notcve.org/view.php?id=CVE-2015-1255
20 May 2015 — Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track. Vulnerabilidad de uso después de liberación en content/renderer/media/webaudio_capturer_source.cc en la implementación WebAudio en Google Chrome anterior a 43.0.2357.65 per... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1260 – chromium-browser: Use-after-free in WebRTC.
https://notcve.org/view.php?id=CVE-2015-1260
20 May 2015 — Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request. Múltiples vulnerabilidades de uso después de liberación en content/renderer/media/user_media_client_impl.cc en la implementación WebRTC en Google Chrome anterior a 43.0.2357.6... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1264 – chromium-browser: Cross-site scripting in bookmarks.
https://notcve.org/view.php?id=CVE-2015-1264
20 May 2015 — Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature. Vulnerabilidad de XSS en Google Chrome anterior a 43.0.2357.65 permite a atacantes remotos asistidos por usuario inyectar secuencias de comandos web arbitrarios o HTMl a través de datos manipulados que son manejados incorrectamente por la característica de favoritos (Bookmarks). Chromiu... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1254 – chromium-browser: Cross-origin bypass in Editing.
https://notcve.org/view.php?id=CVE-2015-1254
20 May 2015 — core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing. core/dom/Document.cpp en Blink, utilizado en Google Chrome anterior a 43.0.2357.65, habilita la herencia del atributo designMode, lo que permite a atacantes remotos evadir Same Origin Policy mediante el aprovechamiento de la disponibilidad de la edición. Several security iss... • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html • CWE-264: Permissions, Privileges, and Access Controls •