Page 440 of 3300 results (0.011 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1302 – chromium-browser: information leak in PDF viewer

https://notcve.org/view.php?id=CVE-2015-1302

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc. El visor PDF en Google Chrome en versiones anteriores a 46.0.2490.86 no restringe adecuadamente mensajes de programación de secuencias de comandos y la exposición de la API, lo que permite a atacantes remotos eludir la Same Origin Policy a través de un embedder no intencionado o de la carga de un plugin no intencionado, relacionado con pdf.js y out_of_process_instance.cc. • http://googlechromereleases.blogspot.com/2015/11/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00120.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00121.html http://rhn.redhat.com/errata/RHSA-2015-1841.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/77537 http://www.securitytracker.com/id/1034132 https://code.google.com/p/chromium/issues/detail?id=520422 https://codereview.chromium.org/1316803003 https • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6762 – chromium-browser: CORS bypass in CSS fonts

https://notcve.org/view.php?id=CVE-2015-6762

The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows remote web servers to bypass the Same Origin Policy via a redirect. La función CSSFontFaceSrcValue::fetch en core/css/CSSFontFaceSrcValue.cpp en la implementación Cascading Style Sheets (CSS) en Blink, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no utiliza el algoritmo de petición de origen-cruzado CORS cuando la URL de una fuente parece ser una URL del mismo origen, lo que permite a servidores web remotos eludir la Same Origin Policy a través de un redireccionamiento. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 https://code.google.com/p/chromium/issues/detail?id=512678 https://security.gentoo.org/glsa/201603-09 https://src.chromium.org/viewvc/blink? • CWE-254: 7PK - Security Features •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1

CVE-2015-6763 – Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow

https://notcve.org/view.php?id=CVE-2015-6763

Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 46.0.2490.71 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. There is an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff windowThere's an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff window. • https://www.exploit-db.com/exploits/38763 http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://packetstormsecurity.com/files/134482/Google-Chrome-Integer-Overflow.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 https://code.google.com/p&# •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-7834

https://notcve.org/view.php?id=CVE-2015-7834

Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.6.85.23, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-6757 – chromium-browser: Use-after-free in ServiceWorker

https://notcve.org/view.php?id=CVE-2015-6757

Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback. Vulnerabilidad de uso después de liberación de memoria en content/browser/service_worker/embedded_worker_instance.cc en la implementación ServiceWorker en Google Chrome en versiones anteriores a 46.0.2490.71 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado aprovechando la destrucción del objeto en una devolución de llamada. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 https://code.google.com/p/chromium/issues/detail?id=529520 https://codereview.chromium.org/1327723005 https://security.gentoo.org/glsa/201603-09 • CWE-416: Use After Free •