Page 3 of 55 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory segment, which allows remote attackers to cause a denial of service (GPU command-buffer memory corruption) or possibly have unspecified other impact via unknown vectors. La función AsyncPixelTransfersCompletedQuery::End en gpu/command_buffer/service/query_manager.cc en Google Chrome, utilizado en Google Chrome OS anterior a 33.0.1750.152, no comprueba si cierta posición está dentro de los límites de un segmento de memoria compartida, lo que permite a atacantes remotos causar una denegación de servicio (corrupción de memoria de comando de buffer de GPU) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html https://code.google.com/p/chromium/issues/detail?id=351852 https://src.chromium.org/viewvc/chrome?revision=256723&view=revision https://src.chromium.org/viewvc/chrome?revision=256918&view=revision • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0

The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors. La implementación boot en Google Chrome OS anterior a 33.0.1750.152 no considera debidamente persistencia de archivo, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html https://code.google.com/p/chromium/issues/detail?id=344051 •

CVSS: 4.3EPSS: 0%CPEs: 88EXPL: 0

The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property. El plugin Flash en Google Chrome anterior 27.0.1453.116 no determinar correctamente si un usuario desea autorizar el acceso de una aplicación Flash a la cámara o micrófono, que permite a atacantes remotos obtener información sensible del entorno físico de una máquina a través de ataques de clickjacking, como se demuestra por un ataque con una hoja de estilos (CSS) modificada en la propiedad de opacidad. • http://googlechromereleases.blogspot.com/2013/06/stable-channel-update-for-chrome-os.html http://googlechromereleases.blogspot.com/2013/06/stable-channel-update_18.html http://habrahabr.ru/post/182706 https://code.google.com/p/chromium/issues/detail?id=249335 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16693 https://src.chromium.org/viewvc/chrome?revision=206188&view=revision • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 0%CPEs: 54EXPL: 0

Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper management of ownership relationships involving Elements and DrawElements. Vulnerabilidad usar-despues-de-liberar en el plug-in 03D en Google Chrome OS anterior a v26.0.1410.57 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado mediante vectores relacionados con el manejo inadecuado de las relaciones de propiedad comprenden Elements y DrawElements. • http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git%3Ba=commit%3Bh=9181705680e1f53fd1e895ebe84c1b7f18c5c380 http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html https://code.google.com/p/chromium/issues/detail?id=227181 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 54EXPL: 0

Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835. Google Chrome OS anterior a v26.0.1410.57 no fuerza correctamente las restricciones de origen para el O3D y el plugin Google Talk, permitiendo a atacantes remotos eludir el mecanismo de protección de lista blanca de dominios (domain-whitelist) mediante un sitio web manipulado, una vulnerabilidad diferente a CVE-2013-2835. • http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git%3Ba=commit%3Bh=9181705680e1f53fd1e895ebe84c1b7f18c5c380 http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html https://code.google.com/p/chromium/issues/detail?id=227158 • CWE-264: Permissions, Privileges, and Access Controls •