CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2015-6792 – chromium-browser: Fixes from internal audits and fuzzing
https://notcve.org/view.php?id=CVE-2015-6792
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664. El subsistema MIDI en Google Chrome en versiones anteriores a la 47.0.2526.106 no maneja correctamente el envío de datos, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de vectores no especificados, relacionada con midi_manager.cc, midi_manager_alsa.cc y midi_manager_mac.cc, una vulnerabilidad diferente a CVE-2015-8664. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00030.html http://rhn.redhat.com/errata/RHSA-2015-2665.html http://www.debian.org/security/2016/dsa-3456 http://www.securityfocus.com/bid/79348 http://www.securitytracker.com/id/1034491 https://code.google.com/p/chromium/issues/detail?id=564501 https://code.google.com&# •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6790 – chromium-browser: Escaping issue in saved pages
https://notcve.org/view.php?id=CVE-2015-6790
The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string. La función WebPageSerializerImpl::openTagToString en WebKit/Source/web/WebPageSerializerImpl.cpp en el serializador de página en Google Chrome en versiones anteriores a 47.0.2526.80 no usa adecuadamente entidades HTML, lo que puede permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un documento manipulado, según lo demostrado en un carácter de doble comilla dentro de una cadena entre comillas simples . • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://rhn.redhat.com/errata/RHSA-2015-2618.html http://www.debian.org/security/2015/dsa-3418 http://www.securityfocus.com/bid/78734 http://www.ubuntu.com/usn/USN-2860-1 https://code.google.com/p/chromium/issues/detail?id=542054 https://codereview.chromium • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6791 – chromium-browser: Various fixes from internal audits, fuzzing and other initiatives
https://notcve.org/view.php?id=CVE-2015-6791
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 47.0.2526.80 permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://rhn.redhat.com/errata/RHSA-2015-2618.html http://www.debian.org/security/2015/dsa-3418 http://www.securityfocus.com/bid/78734 http://www.ubuntu.com/usn/USN-2860-1 https://code.google.com/p/chromium/issues/detail?id=534994 https://code.google.com •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8548 – v8: multiple vulnerabilities fixed in 4.7.80.23
https://notcve.org/view.php?id=CVE-2015-8548
Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.7.80.23, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.80, permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos, un problema diferente a CVE-2015-8478. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html http://rhn.redhat.com/errata/RHSA-2015-2618.html http://www.ubuntu.com/usn/USN-2860-1 https://access.redhat.com/security/cve/CVE-2015-8548 https://bugzilla.redhat.com/show_bug.cgi?id=1291235 •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2015-6788 – chromium-browser: Type confusion in extensions
https://notcve.org/view.php?id=CVE-2015-6788
The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." La clase ObjectBackedNativeHandler en extensions/renderer/object_backed_native_handler.cc en el subsistema de extensiones en Google Chrome en versiones anteriores a 47.0.2526.80 implementa de manera incorrecta funciones del controlador, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que aprovechan 'confusión de tipos'. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://rhn.redhat.com/errata/RHSA-2015-2618.html http://www.debian.org/security/2015/dsa-3418 http://www.securityfocus.com/bid/78734 https://code.google.com/p/chromium/issues/detail?id=548273 https://codereview.chromium.org/1422383003 https://security.gentoo.org&#x • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •