CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1223 – chromium-browser: Use-after-free in dom
https://notcve.org/view.php?id=CVE-2015-1223
05 Mar 2015 — Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change events, as demonstrated by events for invalid input or input to read-only fields, related to the initializeTypeInParsing and updateType functions. Múltiples vulnerabilidades de uso después de liberación en core/html/HTM... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1216 – chromium-browser: Use-after-free in v8 bindings
https://notcve.org/view.php?id=CVE-2015-1216
05 Mar 2015 — Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment. Vulnerabilidad de uso después de liberación en la función V8Window::namedPropertyGetterCustom en bindings/core/v8/custom/V8WindowCustom.cpp en los enlaces V8 en Blink, ut... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2015-1211 – chromium-browser: privilege escalation in service workers
https://notcve.org/view.php?id=CVE-2015-1211
06 Feb 2015 — The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. La función OriginCanAccessServiceWorkers en content/browser/service_worker/service_worker_dispatcher_host.cc en Google Chrome anterior a 40.0.2214.1... • http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2015-1212 – chromium-browser: various security fixes in Chrome 40.0.2214.111
https://notcve.org/view.php?id=CVE-2015-1212
06 Feb 2015 — Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificados en Google Chrome before 40.0.2214.111 en Windows, OS X, y Linux y anterior a 40.0.2214.109 en Android permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. A use-a... • http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html •
CVSS: 9.8EPSS: 2%CPEs: 14EXPL: 0CVE-2015-1209 – chromium-browser: use-after-free in DOM
https://notcve.org/view.php?id=CVE-2015-1209
06 Feb 2015 — Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor. Vulnerabilidad de uso después de liberación en la funci... • http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2015-1210 – chromium-browser: cross-origin-bypass in V8 bindings
https://notcve.org/view.php?id=CVE-2015-1210
06 Feb 2015 — The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. La función V8ThrowException::createDOMException en bindings/core/v8/V8ThrowException.cpp en las vinculac... • http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9648 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2014-9648
27 Jan 2015 — components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205. components/navigation_interception/intercept_navigati... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1361 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2015-1361
27 Jan 2015 — platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205. platform/image-decoders/ImageFrame.h en Blink, utilizado en Google Chrome anterior a 40.0.2214.91, no inicializa una variable que se utiliza... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1360 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2015-1360
27 Jan 2015 — Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205. Skia, utilizado en Google Chrome anterior a 40.0.2214.91, permite a atacantes remotos causar una denegación de servicio (sobre lectura de buffer) o posiblem... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9646 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2014-9646
27 Jan 2015 — Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205. Vulnerabilidad de ruta de búsqueda de sin entrecomillar en la función GoogleChromeDistribution::DoPostUninsta... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-264: Permissions, Privileges, and Access Controls •