CVE-2015-1304 – chromium-browser: Cross-origin bypass in V8
https://notcve.org/view.php?id=CVE-2015-1304
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call. object-observe.js en Google V8, tal como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.101, no restringe adecuadamente las llamadas a métodos en objetos de acceso verificado, lo que permite a atacantes remotos eludir la Same Origin Policy a través de una llamada (1) observe o (2) getNotifier . • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00002.html http://rhn.redhat.com/errata/RHSA-2015-1841.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/76844 http://www.securitytracker.com/id/1033683 http://www.ubuntu.com/usn/USN-2757-1 https://chromium.googlesource.com/v8/v8/ • CWE-284: Improper Access Control •
CVE-2015-1303 – chromium-browser: Cross-origin bypass in DOM
https://notcve.org/view.php?id=CVE-2015-1303
bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element. bindings/core/v8/V8DOMWrapper.h en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.101, no realiza una acción de volver a lanzar para propagar información sobre una excepción cross-context, lo que permite a atacantes remotos eludir la Same Origin Policy a través de un documento HTML manipulado que contiene un elemento IFRAME . • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00002.html http://rhn.redhat.com/errata/RHSA-2015-1841.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/76844 http://www.securitytracker.com/id/1033683 http://www.ubuntu.com/usn/USN-2757-1 https://code.google.com/p/chromium/issues& • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVE-2015-1294 – chromium-browser: Use-after-free in Skia
https://notcve.org/view.php?id=CVE-2015-1294
Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation. Vulnerabilidad de uso después de liberación en la memoria en la función SkMatrix::invertNonIdentity en core/SkMatrix.cpp en Skia, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado desencadenando el uso de elementos matrices que llevan a un resultado infinito durante un cálculo de inversión. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=492263 https://codereview.chromium.org/1188433011 https://security.gentoo.org/glsa/201603-09 • CWE-416: Use After Free •
CVE-2015-1296 – chromium-browser: Character spoofing in omnibox
https://notcve.org/view.php?id=CVE-2015-1296
The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages. Vulnerabilidad en la implementación UnescapeURLWithAdjustmentsImpl en net/base/escape.cc en Google Chrome en versiones anteriores a 45.0.2454.85, no impide que se visualicen caracteres Unicode LOCK en el omnibox, lo que facilita a atacantes remotos suplantar el icono de bloqueo SSL poniendo uno de estos caracteres al final de una URL, según lo demostrado por el omnibox en localizaciones para los lenguajes de derecha a izquierda. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=421332 https://codereview.chromium.org/1180393003 https://codereview.chromium.org/1189553002 https: • CWE-254: 7PK - Security Features •
CVE-2015-6582
https://notcve.org/view.php?id=CVE-2015-6582
The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site. Vulnerabilidad en la función platform/transforms/TransformationMatrix.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, no verifica que una inversión de matriz haya tenido éxito, lo que permite a atacantes remotos causar una denegación de servicio (acceso a la memoria no inicializada y caída de la aplicación) o posiblemente tener otro impacto no especificado a través de una página web manipulada. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://src.chromium.org/viewvc/blink?view=revision&revision=195670 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=469247 https://code.google.com/p/chromium/issues/detail?id=526825 • CWE-254: 7PK - Security Features •