Page 443 of 2385 results (0.010 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-1292 – chromium-browser: Cross-origin bypass in ServiceWorker

https://notcve.org/view.php?id=CVE-2015-1292

The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. Vulnerabilidad en la función NavigatorServiceWorker::serviceWorker en modules/serviceworkers/NavigatorServiceWorker.cpp en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy mediante el acceso a un Service Worker. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=522791 https://codereview.chromium.org/1307883002 https://security.gentoo.org/glsa/201603-09 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1293 – chromium-browser: Cross-origin bypass in DOM

https://notcve.org/view.php?id=CVE-2015-1293

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Vulnerabilidad en la implementación DOM en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=524074 https://security.gentoo.org/glsa/201603-09 https://access.redhat.com/security/cve • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-1296 – chromium-browser: Character spoofing in omnibox

https://notcve.org/view.php?id=CVE-2015-1296

The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages. Vulnerabilidad en la implementación UnescapeURLWithAdjustmentsImpl en net/base/escape.cc en Google Chrome en versiones anteriores a 45.0.2454.85, no impide que se visualicen caracteres Unicode LOCK en el omnibox, lo que facilita a atacantes remotos suplantar el icono de bloqueo SSL poniendo uno de estos caracteres al final de una URL, según lo demostrado por el omnibox en localizaciones para los lenguajes de derecha a izquierda. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=421332 https://codereview.chromium.org/1180393003 https://codereview.chromium.org/1189553002 https: • CWE-254: 7PK - Security Features •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6582

https://notcve.org/view.php?id=CVE-2015-6582

The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site. Vulnerabilidad en la función platform/transforms/TransformationMatrix.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, no verifica que una inversión de matriz haya tenido éxito, lo que permite a atacantes remotos causar una denegación de servicio (acceso a la memoria no inicializada y caída de la aplicación) o posiblemente tener otro impacto no especificado a través de una página web manipulada. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://src.chromium.org/viewvc/blink?view=revision&revision=195670 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=469247 https://code.google.com/p/chromium/issues/detail?id=526825 • CWE-254: 7PK - Security Features •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2015-1299 – chromium-browser: Use-after-free in Blink

https://notcve.org/view.php?id=CVE-2015-1299

Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp. Vulnerabilidad de uso después de liberación en la memoria en la implementación shared-timer en Blink, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado aprovechando la activación errónea del temporizador, relacionada con ThreadTimers.cpp y Timer.cpp. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=416362 https://codereview.chromium.org/1153763005 https://codereview.chromium.org/956333002 https: • CWE-416: Use After Free •