Page 442 of 2459 results (0.011 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-1300 – chromium-browser: Information leak in Blink

https://notcve.org/view.php?id=CVE-2015-1300

The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call. Vulnerabilidad en la función FrameFetchContext::updateTimingInfoForIFrameNavigation en core/loader/FrameFetchContext.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, no restringe correctamente la disponibilidad de tiempos de la API IFRAME Resource Timing, lo que permite a atacantes remotos obtener información sensible a través de código JavaScript manipulado que aprovecha una llamada history.back. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=511616 https://github.com/w3c/resource-timing/issues/29 https://security.gentoo.org/glsa&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6583

https://notcve.org/view.php?id=CVE-2015-6583

Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc. Vulnerabilidad en Google Chrome en versiones anteriores a 45.0.2454.85, no muestra una barra de localización para la ventana de una aplicación alojada después de la navegación fuera de la página de instalación, lo que podría facilitar a atacantes remotos suplantar contenido a través de una aplicación manipulada, relacionada con browser.cc y hosted_app_browser_controller.cc. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=467844 https://code.google.com/p/chromium/issues/detail?id=526825 https://codereview.chromium.org/1164873003 • CWE-254: 7PK - Security Features •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1297 – chromium-browser: Permission scoping error in WebRequest

https://notcve.org/view.php?id=CVE-2015-1297

The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension. Vulnerabilidad en la implementación WebRequest API en extensions/browser/api/web_request/web_request_api.cc en Google Chrome en versiones anteriores a 45.0.2454.85, no considera correctamente una fuente de petición antes de aceptar la petición, lo que permite a atacantes remotos eludir las restricciones de acceso previstas a través de una (1) app o (2) extensión manipulada. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=510802 https://codereview.chromium.org/1267183003 https://security.gentoo.org/glsa/201603-09 • CWE-254: 7PK - Security Features •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-1292 – chromium-browser: Cross-origin bypass in ServiceWorker

https://notcve.org/view.php?id=CVE-2015-1292

The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. Vulnerabilidad en la función NavigatorServiceWorker::serviceWorker en modules/serviceworkers/NavigatorServiceWorker.cpp en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy mediante el acceso a un Service Worker. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=522791 https://codereview.chromium.org/1307883002 https://security.gentoo.org/glsa/201603-09 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1293 – chromium-browser: Cross-origin bypass in DOM

https://notcve.org/view.php?id=CVE-2015-1293

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Vulnerabilidad en la implementación DOM en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=524074 https://security.gentoo.org/glsa/201603-09 https://access.redhat.com/security/cve • CWE-264: Permissions, Privileges, and Access Controls •