Page 443 of 2607 results (0.012 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-1298 – chromium-browser: URL validation error in extensions

https://notcve.org/view.php?id=CVE-2015-1298

The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninstalled. Vulnerabilidad en la función RuntimeEventRouter::OnExtensionUninstalled en extensions/browser/api/runtime/runtime_api.cc en Google Chrome en versiones anteriores a 45.0.2454.85, no asegura que la preferencia setUninstallURL corresponda con la URL de una página web, lo que permite atacantes remotos asistidos por usuario desencadenar acceso a una URL arbitraria a través de una extensión manipulada que es desinstalada. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=518827 https://codereview.chromium.org/1282263002 https://security.gentoo.org/glsa/201603-09 • CWE-254: 7PK - Security Features •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1299 – chromium-browser: Use-after-free in Blink

https://notcve.org/view.php?id=CVE-2015-1299

Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp. Vulnerabilidad de uso después de liberación en la memoria en la implementación shared-timer en Blink, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado aprovechando la activación errónea del temporizador, relacionada con ThreadTimers.cpp y Timer.cpp. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=416362 https://codereview.chromium.org/1153763005 https://codereview.chromium.org/956333002 https: • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6583

https://notcve.org/view.php?id=CVE-2015-6583

Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc. Vulnerabilidad en Google Chrome en versiones anteriores a 45.0.2454.85, no muestra una barra de localización para la ventana de una aplicación alojada después de la navegación fuera de la página de instalación, lo que podría facilitar a atacantes remotos suplantar contenido a través de una aplicación manipulada, relacionada con browser.cc y hosted_app_browser_controller.cc. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=467844 https://code.google.com/p/chromium/issues/detail?id=526825 https://codereview.chromium.org/1164873003 • CWE-254: 7PK - Security Features •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1293 – chromium-browser: Cross-origin bypass in DOM

https://notcve.org/view.php?id=CVE-2015-1293

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Vulnerabilidad en la implementación DOM en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=524074 https://security.gentoo.org/glsa/201603-09 https://access.redhat.com/security/cve • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1291 – chromium-browser: Cross-origin bypass in DOM

https://notcve.org/view.php?id=CVE-2015-1291

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements. Vulnerabilidad en la función ContainerNode::parserRemoveChild en core/dom/ContainerNode.cpp en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, no comprueba si se espera un nodo, lo que permite a atacantes remotos eludir la Same Origin Policy o causar una denegación de servicio (corrupción de árbol DOM) a través de una página web con un código JavaScript manipulado y elementos IFRAME. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=516377 https://security.gentoo.org/glsa/201603-09 https://src.chromium.org/viewvc/blink? • CWE-264: Permissions, Privileges, and Access Controls •