CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1222 – chromium-browser: Use-after-free in service workers
https://notcve.org/view.php?id=CVE-2015-1222
05 Mar 2015 — Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a ServiceWorkerContextWrapper::DeleteAndStartOver call, related to the NotifyStartedCaching and NotifyFinishedCaching functions. Múltiples vulnerabilidades de uso después de liberación en la implem... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1223 – chromium-browser: Use-after-free in dom
https://notcve.org/view.php?id=CVE-2015-1223
05 Mar 2015 — Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change events, as demonstrated by events for invalid input or input to read-only fields, related to the initializeTypeInParsing and updateType functions. Múltiples vulnerabilidades de uso después de liberación en core/html/HTM... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1224 – chromium-browser: Out-of-bounds read in vpxdecoder
https://notcve.org/view.php?id=CVE-2015-1224
05 Mar 2015 — The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted VPx video data. La función VpxVideoDecoder::VpxDecode en media/filters/vpx_video_decoder.cc en la implementación vpxdecoder en Google Chrome anterior a 41.0.2272.76 no asegura que las dimension... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-17: DEPRECATED: Code CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1225 – chromium-browser: Out-of-bounds read in pdfium
https://notcve.org/view.php?id=CVE-2015-1225
05 Mar 2015 — PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. PDFium, utilizado en Google Chrome anterior a 41.0.2272.76, permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1226 – chromium-browser: Validation issue in debugger
https://notcve.org/view.php?id=CVE-2015-1226
05 Mar 2015 — The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension. La función DebuggerFunction::InitAgentHost en browser/extensions/api/debugger/debugger_api.cc en Google Chrome anterior a 41.0.2272.76 no restringe correctamente qué URLs están disponibles como objetivos de depura... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1227 – chromium-browser: Uninitialized value in blink
https://notcve.org/view.php?id=CVE-2015-1227
05 Mar 2015 — The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which the default orientation cannot be used. La función DragImage::create en platform/DragImage.cpp en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, no inicializa la memoria para la creación de imágenes, lo q... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-399: Resource Management Errors CWE-456: Missing Initialization of a Variable •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1228 – chromium-browser: Uninitialized value in rendering
https://notcve.org/view.php?id=CVE-2015-1228
05 Mar 2015 — The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence. La función RenderCounter::updateCounter en core/rendering/RenderCounter.cpp en Blink, utilizado ... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-399: Resource Management Errors CWE-456: Missing Initialization of a Variable •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-1229 – chromium-browser: Cookie injection in proxies
https://notcve.org/view.php?id=CVE-2015-1229
05 Mar 2015 — net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. net/http/proxy_client_socket.cc en Google Chrome anterior a 41.0.2272.76 no maneja correctamente un código de estatus HTTP 407 (también conocido como Proxy Authentication Required) acompañado de una cabecera Set-Cookie, lo que pe... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-19: Data Processing Errors •
CVSS: 7.8EPSS: 3%CPEs: 7EXPL: 0CVE-2015-1230 – Google Chrome V8EventListenerList::findOrCreateWrapper Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1230
05 Mar 2015 — The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that adds an AudioContext event listener and triggers "type confusion." La función getHiddenProperty en bindings/core/v8/V8EventListenerList.h en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, tiene un... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-1231 – chromium-browser: Various fixes from internal audits, fuzzing and other initiatives.
https://notcve.org/view.php?id=CVE-2015-1231
05 Mar 2015 — Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 41.0.2272.76 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html •