Page 444 of 2459 results (0.010 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. Vulnerabilidad en la función NavigatorServiceWorker::serviceWorker en modules/serviceworkers/NavigatorServiceWorker.cpp en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy mediante el acceso a un Service Worker. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=522791 https://codereview.chromium.org/1307883002 https://security.gentoo.org/glsa/201603-09 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call. Vulnerabilidad en la función FrameFetchContext::updateTimingInfoForIFrameNavigation en core/loader/FrameFetchContext.cpp en Blink, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, no restringe correctamente la disponibilidad de tiempos de la API IFRAME Resource Timing, lo que permite a atacantes remotos obtener información sensible a través de código JavaScript manipulado que aprovecha una llamada history.back. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=511616 https://github.com/w3c/resource-timing/issues/29 https://security.gentoo.org/glsa&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.5.103.29, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://www.securitytracker.com/id/1033472 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc. Vulnerabilidad en Google Chrome en versiones anteriores a 45.0.2454.85, no muestra una barra de localización para la ventana de una aplicación alojada después de la navegación fuera de la página de instalación, lo que podría facilitar a atacantes remotos suplantar contenido a través de una aplicación manipulada, relacionada con browser.cc y hosted_app_browser_controller.cc. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=467844 https://code.google.com/p/chromium/issues/detail?id=526825 https://codereview.chromium.org/1164873003 • CWE-254: 7PK - Security Features •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Vulnerabilidad en la implementación DOM en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=524074 https://security.gentoo.org/glsa/201603-09 https://access.redhat.com/security/cve • CWE-264: Permissions, Privileges, and Access Controls •