CVE-2015-1209 – chromium-browser: use-after-free in DOM
https://notcve.org/view.php?id=CVE-2015-1209
06 Feb 2015 — Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor. • http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html • CWE-416: Use After Free
CVE-2015-1210 – chromium-browser: cross-origin-bypass in V8 bindings
https://notcve.org/view.php?id=CVE-2015-1210
06 Feb 2015 — The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. • http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html
CVE-2015-1360 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2015-1360
27 Jan 2015 — Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9646 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2014-9646
27 Jan 2015 — Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-9647 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2014-9647
27 Jan 2015 — Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html
CVE-2015-1359 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2015-1359
27 Jan 2015 — Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue, a different vulnerability than CVE-2015-1205. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-189: Numeric Errors
CVE-2014-9648 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2014-9648
27 Jan 2015 — components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-284: Improper Access Control
CVE-2015-1361 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2015-1361
27 Jan 2015 — platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-17: DEPRECATED: Code
CVE-2014-7944 – chromium-browser: out-of-bounds read in PDFium
https://notcve.org/view.php?id=CVE-2014-7944
22 Jan 2015 — The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-125: Out-of-bounds Read
CVE-2014-7925 – chromium-browser: use-after-free in WebAudio
https://notcve.org/view.php?id=CVE-2014-7925
22 Jan 2015 — Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improperly maintained. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-416: Use After Free