CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6770 – chromium-browser: Cross-origin bypass in DOM
https://notcve.org/view.php?id=CVE-2015-6770
The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768. La implementación del DOM en Google Chrome en versiones anteriores a 47.0.2526.73 permite a atacantes remotos eludir la Same Origin Policy a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-6768. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/78416 http://www.securitytracker.com/id/1034298 http://www.ubuntu.com/usn/USN-2825-1 https://code.google.com/p/chromium/issues/detail?id=541206 https://security.gentoo.org/glsa/20160 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6766 – chromium-browser: Use-after-free in AppCache
https://notcve.org/view.php?id=CVE-2015-6766
Use-after-free vulnerability in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers with renderer access to cause a denial of service or possibly have unspecified other impact by leveraging incorrect AppCacheUpdateJob behavior associated with duplicate cache selection. Vulnerabilidad de uso después de liberación de memoria en la implementación de AppCache en Google Chrome en versiones anteriores a 47.0.2526.73 permite a atacantes remotos con acceso renderer causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento del comportamiento incorrecto de AppCacheUpdateJob asociado con la selección de caché duplicada. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/78416 http://www.securitytracker.com/id/1034298 http://www.ubuntu.com/usn/USN-2825-1 https://code.google.com/p/chromium/issues/detail?id=551044 https://codereview.chromium.org/1418783005& • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6769 – chromium-browser: Cross-origin bypass in core
https://notcve.org/view.php?id=CVE-2015-6769
The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveraging a delay in window proxy clearing. La implementación del envío de carga provisional en WebKit/Source/bindings/core/v8/WindowProxy.cpp en Google Chrome en versiones anteriores a 47.0.2526.73 permite a atacantes remotos eludir la Same Origin Policy mediante el aprovechamiento de un retraso en la desactivación del window proxy. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/78416 http://www.securitytracker.com/id/1034298 http://www.ubuntu.com/usn/USN-2825-1 https://code.google.com/p/chromium/issues/detail?id=534923 https://codereview.chromium.org/1362203002& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6779 – chromium-browser: Scheme bypass in PDFium
https://notcve.org/view.php?id=CVE-2015-6779
PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL. PDFium, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.73, no restringe adecuadamente el uso de chrome: URLs, lo que permite a atacantes remotos eludir las restricciones de esquema previstas a través de un documento PDF manipulado, según lo demostrado mediante un documento con un enlace a una URL chrome://settings. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/78416 http://www.securitytracker.com/id/1034298 https://code.google.com/p/chromium/issues/detail?id=528505 https://codereview.chromium.org/1362433002 https://security.gentoo.org/glsa/201603-0 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2015-6775 – chromium-browser: Type confusion in PDFium
https://notcve.org/view.php?id=CVE-2015-6775
fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." fpdfsdk/src/jsapi/fxjs_v8.cpp en PDFium, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.73, no utiliza firmas, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que aprovechan 'confusión de tipos'. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/78416 http://www.securitytracker.com/id/1034298 https://code.google.com/p/chromium/issues/detail?id=529012 https://codereview.chromium.org/1353193004 https://security.gentoo.org/glsa/201603-0 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •