CVE-2015-6761 – chromium-browser: Memory corruption in FFMpeg
https://notcve.org/view.php?id=CVE-2015-6761
The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file. La función update_dimensions en libavcodec/vp8.c en FFmpeg hasta la versión 2.8.1, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71 y otros productos, confía en una cuenta de partición de coeficiente durante una operación multi-hilo, lo que permite a atacantes remotos provocar una denegación de servicio (condición de carrera y corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un archivo WebM manipulado. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=dabea74d0e82ea80cd344f630497cafcb3ef872c http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77073 http://www.securitytracker.com/id/1033816 http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 https://code.google.com/p/chromium/issues/detail?id=447860 htt • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2015-6759 – chromium-browser: Information leakage in LocalStorage
https://notcve.org/view.php?id=CVE-2015-6759
The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL. La función shouldTreatAsUniqueOrigin en platform/weborigin/SecurityOrigin.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no asegura que el origen de un recurso LocalStorage se considere único, lo que permite a atacantes remotos obtener información sensible a través de vectores que impliquen un blob: URL. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 https://code.google.com/p/chromium/issues/detail?id=514076 https://security.gentoo.org/glsa/201603-09 https://src.chromium.org/viewvc/blink? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-6760 – chromium-browser: Improper error handling in libANGLE
https://notcve.org/view.php?id=CVE-2015-6760
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device. La función Image11::map en renderer/d3d/d3d11/Image11.cpp en libANGLE, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, no maneja correctamente los fallos de mapeo después de eventos de dispositivo perdido, lo que permite a atacantes remotos provocar una denegación de servicio (lectura o escritura no válida) o posiblemente tener otro impacto no especificado a través de vectores que implican un dispositivo extraído. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 https://chromium.googlesource.com/angle/angle.git/+/39939686b3731eaaf6c0b639ab64db0277c72475 https://code.google.com/p/chromium/issues/detail?id=519642 https://security.gentoo.org/glsa/201603-09 https://access.redhat.com/security/cve/CVE-2015 • CWE-17: DEPRECATED: Code •
CVE-2015-6763 – Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow
https://notcve.org/view.php?id=CVE-2015-6763
Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 46.0.2490.71 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. There is an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff windowThere's an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff window. • https://www.exploit-db.com/exploits/38763 http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://packetstormsecurity.com/files/134482/Google-Chrome-Integer-Overflow.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 https://code.google.com/p •
CVE-2015-7834
https://notcve.org/view.php?id=CVE-2015-7834
Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.6.85.23, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 •