CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2015-3335
https://notcve.org/view.php?id=CVE-2015-3335
19 Apr 2015 — The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct row-hammer attacks or have unspecified other impact by leveraging the ability to run a crafted program in the NaCl sandbox. La función NaClSandbox::InitializeLayerTwoSandbox en components/nacl/loader/sandbox_linux/n... • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-3333 – Debian Security Advisory 3238-1
https://notcve.org/view.php?id=CVE-2015-3333
19 Apr 2015 — Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 4.2.77.14, utilizado en Google Chrome anterior a 42.0.2311.90, permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. An issue was discovered in the HTML parser in B... • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2015-3334 – Debian Security Advisory 3238-1
https://notcve.org/view.php?id=CVE-2015-3334
19 Apr 2015 — browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited. browser/ui/website_settings/website_settings.cc en ... • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html • CWE-17: DEPRECATED: Code •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2015-3336 – Debian Security Advisory 3238-1
https://notcve.org/view.php?id=CVE-2015-3336
19 Apr 2015 — Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL. Google Chrome anterior a 42.0.2311.90 no siempre pregunta al usuario a... • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 4%CPEs: 2EXPL: 0CVE-2015-1246 – chromium-browser: Out-of-bounds read in Blink
https://notcve.org/view.php?id=CVE-2015-1246
17 Apr 2015 — Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Blink, utilizado en Google Chrome anterior a 42.0.2311.90, permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could c... • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 2%CPEs: 5EXPL: 0CVE-2015-1238 – chromium-browser: Out-of-bounds write in Skia
https://notcve.org/view.php?id=CVE-2015-1238
17 Apr 2015 — Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. Skia, utilizado en Google Chrome anterior a 42.0.2311.90, permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the... • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1235 – chromium-browser: Cross-origin-bypass in HTML parser
https://notcve.org/view.php?id=CVE-2015-1235
17 Apr 2015 — The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element. La función ContainerNode::parserRemoveChild en core/dom/ContainerNode.cpp en el analizador sintáctico de HTML en Blink, utilizado en Google Chrome anterior a 42.0.2311.90, permite a atacantes remotos evadir Same Origin Policy a través de un documento H... • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html • CWE-264: Permissions, Privileges, and Access Controls CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1249 – chromium-browser: Various fixes from internal audits, fuzzing and other initiatives
https://notcve.org/view.php?id=CVE-2015-1249
17 Apr 2015 — Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 42.0.2311.90 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web... • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1248 – chromium-browser: SafeBrowsing bypass
https://notcve.org/view.php?id=CVE-2015-1248
17 Apr 2015 — The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL. La API FileSystem en Google Chrome anterior a 40.0.2214.91 permite a atacantes remotos evadir el mecanismo de protección de la navegación segura para ficheros ejecutables (SafeBrowsing for Executable Files) mediante la creación de un fichero .exe en un ... • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html • CWE-264: Permissions, Privileges, and Access Controls CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1245 – chromium-browser: Use-after-free in PDFium
https://notcve.org/view.php?id=CVE-2015-1245
17 Apr 2015 — Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium "Open PDF in Reader" button that has an invalid tab association. Vulnerabilidad de uso después de liberación en la función OpenPDFInReaderView::Update en browser/u... • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html • CWE-416: Use After Free •