CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2015-6763 – Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow
https://notcve.org/view.php?id=CVE-2015-6763
Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 46.0.2490.71 permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. There is an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff windowThere's an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff window. • https://www.exploit-db.com/exploits/38763 http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://packetstormsecurity.com/files/134482/Google-Chrome-Integer-Overflow.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 https://code.google.com/p&# •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7834
https://notcve.org/view.php?id=CVE-2015-7834
Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.6.85.23, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, permite a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6755 – chromium-browser: cross-origin bypass in Blink
https://notcve.org/view.php?id=CVE-2015-6755
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. La función ContainerNode::parserInsertBefore en core/dom/ContainerNode.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, procede con una inserción de árbol DOM en ciertos casos en los que un nodo padre ya no contiene un nodo hijo, lo que permite a atacantes remotos eludir la Same Origin Policy a través de código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 https://code.google.com/p/chromium/issues/detail?id=519558 https://security.gentoo.org/glsa/201603-09 https://src.chromium.org/viewvc/blink? • CWE-264: Permissions, Privileges, and Access Controls CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6757 – chromium-browser: Use-after-free in ServiceWorker
https://notcve.org/view.php?id=CVE-2015-6757
Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback. Vulnerabilidad de uso después de liberación de memoria en content/browser/service_worker/embedded_worker_instance.cc en la implementación ServiceWorker en Google Chrome en versiones anteriores a 46.0.2490.71 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado aprovechando la destrucción del objeto en una devolución de llamada. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 http://www.ubuntu.com/usn/USN-2770-1 http://www.ubuntu.com/usn/USN-2770-2 https://code.google.com/p/chromium/issues/detail?id=529520 https://codereview.chromium.org/1327723005 https://security.gentoo.org/glsa/201603-09 • CWE-416: Use After Free •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2015-6756 – chromium-browser: use-after-free in PDFium
https://notcve.org/view.php?id=CVE-2015-6756
Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging mishandling of a focused annotation in a PDF document. Vulnerabilidad de uso después de liberación de memoria en la implementación CPDFSDK_PageView en fpdfsdk/src/fsdk_mgr.cpp en PDFium, como se utiliza en Google Chrome en versiones anteriores a 46.0.2490.71, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica) o posiblemente tener otro impacto no especificado aprovechando el manejo incorrecto de una anotación enfocada en un documento PDF. • http://googlechromereleases.blogspot.com/2015/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1912.html http://www.debian.org/security/2015/dsa-3376 http://www.securityfocus.com/bid/77071 http://www.securitytracker.com/id/1033816 https://code.google.com/p/chromium/issues/detail?id=507316 https://codereview.chromium.org/1332653002 https://security.gentoo.org/glsa/201603-09 https://access.redhat.com/security/cve/CVE-2015-6756 https://bugzilla.redhat.com/show • CWE-416: Use After Free •