CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2015-1210 – chromium-browser: cross-origin-bypass in V8 bindings
https://notcve.org/view.php?id=CVE-2015-1210
06 Feb 2015 — The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. La función V8ThrowException::createDOMException en bindings/core/v8/V8ThrowException.cpp en las vinculac... • http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9648 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2014-9648
27 Jan 2015 — components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205. components/navigation_interception/intercept_navigati... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1361 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2015-1361
27 Jan 2015 — platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205. platform/image-decoders/ImageFrame.h en Blink, utilizado en Google Chrome anterior a 40.0.2214.91, no inicializa una variable que se utiliza... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1360 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2015-1360
27 Jan 2015 — Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205. Skia, utilizado en Google Chrome anterior a 40.0.2214.91, permite a atacantes remotos causar una denegación de servicio (sobre lectura de buffer) o posiblem... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9646 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2014-9646
27 Jan 2015 — Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205. Vulnerabilidad de ruta de búsqueda de sin entrecomillar en la función GoogleChromeDistribution::DoPostUninsta... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-9647 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2014-9647
27 Jan 2015 — Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205. Vulnerabilidad del uso después de liberación en PDFium, utilizado en Google Chrome anterior a 40.0.2214.91, permite a atacantes remotos causar una denegación de servicio o posiblemente tener ... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1359 – Gentoo Linux Security Advisory 201502-13
https://notcve.org/view.php?id=CVE-2015-1359
27 Jan 2015 — Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue, a different vulnerability than CVE-2015-1205. Múltiples errores de la superación de límite (off-by-one) en fpdfapi/fpdf_font/font_int.h en PDFium, utilizado en Google Chrome anterior a 40.0.2214.91, permiten a a... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7932 – chromium-browser: use-after-free in DOM
https://notcve.org/view.php?id=CVE-2014-7932
22 Jan 2015 — Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving pending updates of detached elements. Vulnerabilidad de uso después de liberación en la función Element::detach en core/dom/Element.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 40.0.2214.91, permi... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2014-7923 – ICU: regexp engine missing look-behind expression range check
https://notcve.org/view.php?id=CVE-2014-7923
22 Jan 2015 — The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression. El paquete Regular Expressions en International Components for Unicode (ICU) 52 anterior a la versión SVN 292944, como es usada en Google Chrome anterior a la versión 40.0.2214.91, permite a lo... • http://advisories.mageia.org/MGASA-2015-0047.html • CWE-17: DEPRECATED: Code CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 0CVE-2014-7945 – chromium-browser: out-of-bounds read in PDFium
https://notcve.org/view.php?id=CVE-2014-7945
22 Jan 2015 — OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c. OpenJPEG anterior a r2908, utilizado en PDFium en Google Chrome anterior a 40.0.2214.91, permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través dfe un documento PDF manipulado, relacionado con j2k.c, jp2.c, y t2.c. Chromium is an open-source web browser, ... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •