CVE-2015-6757 – chromium-browser: Use-after-free in ServiceWorker
https://notcve.org/view.php?id=CVE-2015-6757
Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback. Vulnerabilidad de uso después de liberación de memoria en content/browser/service_worker/embedded_worker_instance.cc en la implementación ServiceWorker en Google Chrome en versiones anteriores a 46.0.2490.71 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado aprovechando la destrucción del objeto en una devolución de llamada. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 https://code.google.com/p/chromium/issues/detail?id=529520 https://codereview.chromium.org/1327723005 https://security.gentoo.org/glsa/201603-09 • CWE-416: Use After Free •
CVE-2015-6758 – chromium-browser: Bad-cast in PDFium
https://notcve.org/view.php?id=CVE-2015-6758
The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. La función CPDF_Document::GetPage en fpdfapi/fpdf_parser/fpdf_parser_document.cpp en PDFium, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no lleva a cabo correctamente una proyección de un objeto de diccionario, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un documento PDF manipulado. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 https://code.google.com/p/chromium/issues/detail?id=522131 https://codereview.chromium.org/1327913002 https://security.gentoo.org/glsa/201603-09 https://access.redhat.com/security/cve/CVE-2015-6758 https://bugzilla.redhat.com/show • CWE-17: DEPRECATED: Code CWE-704: Incorrect Type Conversion or Cast •
CVE-2015-6761 – chromium-browser: Memory corruption in FFMpeg
https://notcve.org/view.php?id=CVE-2015-6761
The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file. La función update_dimensions en libavcodec/vp8.c en FFmpeg hasta la versión 2.8.1, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71 y otros productos, confía en una cuenta de partición de coeficiente durante una operación multi-hilo, lo que permite a atacantes remotos provocar una denegación de servicio (condición de carrera y corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un archivo WebM manipulado. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=dabea74d0e82ea80cd344f630497cafcb3ef872c http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77073 http://www.securitytracker.com/id/1033816 http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 https://code.google.com/p/chromium/issues/detail?id=447860 htt • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2015-6759 – chromium-browser: Information leakage in LocalStorage
https://notcve.org/view.php?id=CVE-2015-6759
The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL. La función shouldTreatAsUniqueOrigin en platform/weborigin/SecurityOrigin.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no asegura que el origen de un recurso LocalStorage se considere único, lo que permite a atacantes remotos obtener información sensible a través de vectores que impliquen un blob: URL. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 https://code.google.com/p/chromium/issues/detail?id=514076 https://security.gentoo.org/glsa/201603-09 https://src.chromium.org/viewvc/blink? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-6760 – chromium-browser: Improper error handling in libANGLE
https://notcve.org/view.php?id=CVE-2015-6760
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device. La función Image11::map en renderer/d3d/d3d11/Image11.cpp en libANGLE, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no maneja correctamente los fallos de mapeo después de eventos de dispositivo perdido, lo que permite a atacantes remotos provocar una denegación de servicio (lectura o escritura no válida) o posiblemente tener otro impacto no especificado a través de vectores que implican un dispositivo extraído. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 https://chromium.googlesource.com/angle/angle.git/+/39939686b3731eaaf6c0b639ab64db0277c72475 https://code.google.com/p/chromium/issues/detail?id=519642 https://security.gentoo.org/glsa/201603-09 https://access.redhat.com/security/cve/CVE-2015 • CWE-17: DEPRECATED: Code •