CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1224 – chromium-browser: Out-of-bounds read in vpxdecoder
https://notcve.org/view.php?id=CVE-2015-1224
05 Mar 2015 — The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted VPx video data. La función VpxVideoDecoder::VpxDecode en media/filters/vpx_video_decoder.cc en la implementación vpxdecoder en Google Chrome anterior a 41.0.2272.76 no asegura que las dimension... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-17: DEPRECATED: Code CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-1231 – chromium-browser: Various fixes from internal audits, fuzzing and other initiatives.
https://notcve.org/view.php?id=CVE-2015-1231
05 Mar 2015 — Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 41.0.2272.76 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. Several out-of-bounds write bugs were discovered in Skia. If a user were tricked in to opening a specially crafted website, an attack... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1221 – chromium-browser: Use-after-free in web databases
https://notcve.org/view.php?id=CVE-2015-1221
05 Mar 2015 — Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's main thread, related to the shutdown function in web/WebKit.cpp. Vulnerabilidad de uso después de liberación en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, permite a atacantes remotos causar una denegación de servicio o... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1217 – chromium-browser: Type confusion in v8 bindings
https://notcve.org/view.php?id=CVE-2015-1217
05 Mar 2015 — The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." La función V8LazyEventListener::prepareListenerObject en bindings/core/v8/V8LazyEventListener.cpp en los enlaces V8 en Blink, utilizado en Google Chrome an... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-17: DEPRECATED: Code CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2014-9654 – icu: insufficient size limit checks in regular expression compiler
https://notcve.org/view.php?id=CVE-2014-9654
05 Mar 2015 — The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923. El paquete Regular Expressions en International Components para Unicode (ICU) for C/C++ en ... • http://bugs.icu-project.org/trac/changeset/36801 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1226 – chromium-browser: Validation issue in debugger
https://notcve.org/view.php?id=CVE-2015-1226
05 Mar 2015 — The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension. La función DebuggerFunction::InitAgentHost en browser/extensions/api/debugger/debugger_api.cc en Google Chrome anterior a 41.0.2272.76 no restringe correctamente qué URLs están disponibles como objetivos de depura... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2015-1214 – chromium-browser: Out-of-bounds write in skia filters
https://notcve.org/view.php?id=CVE-2015-1214
05 Mar 2015 — Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation. Desbordamiento de enteros en la implementación SkAutoSTArray en include/core/SkTemplates.h en la implementación de filtrado en Skia, utili... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1215 – chromium-browser: Out-of-bounds write in skia filters
https://notcve.org/view.php?id=CVE-2015-1215
05 Mar 2015 — The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation. La implementación de filtrado en Skia, utilizado en Google Chrome anterior a 41.0.2272.76, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que provocan una operación de escritura fuera de ran... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-1229 – chromium-browser: Cookie injection in proxies
https://notcve.org/view.php?id=CVE-2015-1229
05 Mar 2015 — net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. net/http/proxy_client_socket.cc en Google Chrome anterior a 41.0.2272.76 no maneja correctamente un código de estatus HTTP 407 (también conocido como Proxy Authentication Required) acompañado de una cabecera Set-Cookie, lo que pe... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-19: Data Processing Errors •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1220 – chromium-browser: Use-after-free in gif decoder
https://notcve.org/view.php?id=CVE-2015-1220
05 Mar 2015 — Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image. Vulnerabilidad de uso después de liberación en la función GIFImageReader::parseData en platform/image-decoders/gif/GIFImageReader.cpp en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, per... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-416: Use After Free •