CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1219 – chromium-browser: Integer overflow in webgl
https://notcve.org/view.php?id=CVE-2015-1219
05 Mar 2015 — Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering. Desbordamiento de enteros en la función SkMallocPixelRef::NewAllocate en core/SkMallocPixelRef.cpp en Skia, utilizado en Google Chrome anterior a 41.0.2272.76, permite a... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1220 – chromium-browser: Use-after-free in gif decoder
https://notcve.org/view.php?id=CVE-2015-1220
05 Mar 2015 — Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image. Vulnerabilidad de uso después de liberación en la función GIFImageReader::parseData en platform/image-decoders/gif/GIFImageReader.cpp en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, per... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1221 – chromium-browser: Use-after-free in web databases
https://notcve.org/view.php?id=CVE-2015-1221
05 Mar 2015 — Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's main thread, related to the shutdown function in web/WebKit.cpp. Vulnerabilidad de uso después de liberación en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, permite a atacantes remotos causar una denegación de servicio o... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1222 – chromium-browser: Use-after-free in service workers
https://notcve.org/view.php?id=CVE-2015-1222
05 Mar 2015 — Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a ServiceWorkerContextWrapper::DeleteAndStartOver call, related to the NotifyStartedCaching and NotifyFinishedCaching functions. Múltiples vulnerabilidades de uso después de liberación en la implem... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1223 – chromium-browser: Use-after-free in dom
https://notcve.org/view.php?id=CVE-2015-1223
05 Mar 2015 — Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change events, as demonstrated by events for invalid input or input to read-only fields, related to the initializeTypeInParsing and updateType functions. Múltiples vulnerabilidades de uso después de liberación en core/html/HTM... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1224 – chromium-browser: Out-of-bounds read in vpxdecoder
https://notcve.org/view.php?id=CVE-2015-1224
05 Mar 2015 — The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted VPx video data. La función VpxVideoDecoder::VpxDecode en media/filters/vpx_video_decoder.cc en la implementación vpxdecoder en Google Chrome anterior a 41.0.2272.76 no asegura que las dimension... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-17: DEPRECATED: Code CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1225 – chromium-browser: Out-of-bounds read in pdfium
https://notcve.org/view.php?id=CVE-2015-1225
05 Mar 2015 — PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. PDFium, utilizado en Google Chrome anterior a 41.0.2272.76, permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1226 – chromium-browser: Validation issue in debugger
https://notcve.org/view.php?id=CVE-2015-1226
05 Mar 2015 — The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension. La función DebuggerFunction::InitAgentHost en browser/extensions/api/debugger/debugger_api.cc en Google Chrome anterior a 41.0.2272.76 no restringe correctamente qué URLs están disponibles como objetivos de depura... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1227 – chromium-browser: Uninitialized value in blink
https://notcve.org/view.php?id=CVE-2015-1227
05 Mar 2015 — The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which the default orientation cannot be used. La función DragImage::create en platform/DragImage.cpp en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, no inicializa la memoria para la creación de imágenes, lo q... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-399: Resource Management Errors CWE-456: Missing Initialization of a Variable •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1228 – chromium-browser: Uninitialized value in rendering
https://notcve.org/view.php?id=CVE-2015-1228
05 Mar 2015 — The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence. La función RenderCounter::updateCounter en core/rendering/RenderCounter.cpp en Blink, utilizado ... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-399: Resource Management Errors CWE-456: Missing Initialization of a Variable •