CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7834
https://notcve.org/view.php?id=CVE-2015-7834
Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.6.85.23, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6755 – chromium-browser: cross-origin bypass in Blink
https://notcve.org/view.php?id=CVE-2015-6755
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. La función ContainerNode::parserInsertBefore en core/dom/ContainerNode.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, procede con una inserción de árbol DOM en ciertos casos en los que un nodo padre ya no contiene un nodo hijo, lo que permite a atacantes remotos eludir la Same Origin Policy a través de código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 https://code.google.com/p/chromium/issues/detail?id=519558 https://security.gentoo.org/glsa/201603-09 https://src.chromium.org/viewvc/blink? • CWE-264: Permissions, Privileges, and Access Controls CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6759 – chromium-browser: Information leakage in LocalStorage
https://notcve.org/view.php?id=CVE-2015-6759
The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL. La función shouldTreatAsUniqueOrigin en platform/weborigin/SecurityOrigin.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no asegura que el origen de un recurso LocalStorage se considere único, lo que permite a atacantes remotos obtener información sensible a través de vectores que impliquen un blob: URL. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 https://code.google.com/p/chromium/issues/detail?id=514076 https://security.gentoo.org/glsa/201603-09 https://src.chromium.org/viewvc/blink? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6760 – chromium-browser: Improper error handling in libANGLE
https://notcve.org/view.php?id=CVE-2015-6760
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device. La función Image11::map en renderer/d3d/d3d11/Image11.cpp en libANGLE, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no maneja correctamente los fallos de mapeo después de eventos de dispositivo perdido, lo que permite a atacantes remotos provocar una denegación de servicio (lectura o escritura no válida) o posiblemente tener otro impacto no especificado a través de vectores que implican un dispositivo extraído. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 https://chromium.googlesource.com/angle/angle.git/+/39939686b3731eaaf6c0b639ab64db0277c72475 https://code.google.com/p/chromium/issues/detail?id=519642 https://security.gentoo.org/glsa/201603-09 https://access.redhat.com/security/cve/CVE-2015 • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1303 – chromium-browser: Cross-origin bypass in DOM
https://notcve.org/view.php?id=CVE-2015-1303
bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element. bindings/core/v8/V8DOMWrapper.h en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.101, no realiza una acción de volver a lanzar para propagar información sobre una excepción cross-context, lo que permite a atacantes remotos eludir la Same Origin Policy a través de un documento HTML manipulado que contiene un elemento IFRAME . • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00002.html http://rhn.redhat.com/errata/RHSA-2015-1841.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/76844 http://www.securitytracker.com/id/1033683 http://www.ubuntu.com/usn/USN-2757-1 https://code.google.com/p/chromium/issues& • CWE-20: Improper Input Validation CWE-284: Improper Access Control •