CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6580
https://notcve.org/view.php?id=CVE-2015-6580
Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.5.103.29, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://www.securitytracker.com/id/1033472 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1292 – chromium-browser: Cross-origin bypass in ServiceWorker
https://notcve.org/view.php?id=CVE-2015-1292
The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. Vulnerabilidad en la función NavigatorServiceWorker::serviceWorker en modules/serviceworkers/NavigatorServiceWorker.cpp en Blink, cómo se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos eludir the Same Origin Policy mediante el acceso a un Service Worker. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=522791 https://codereview.chromium.org/1307883002 https://security.gentoo.org/glsa/201603-09 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2015-6581
https://notcve.org/view.php?id=CVE-2015-6581
Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure. Vulnerabilidad de liberación doble en la función opj_j2k_copy_default_tcp_and_create_tcd en j2k.c en OpenJPEG en versiones anteriores a r3002, como se utiliza en PDFium en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de la memoria dinámica) desencadenando un fallo de asignación de memoria. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168736.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169258.html http://www.debian.org/security/2016/dsa-3665 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=486538 https://code.google.com/p/chromium/issues/detail?id=526825 https://code.google.com/p/openjpeg/issues/detail? •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1297 – chromium-browser: Permission scoping error in WebRequest
https://notcve.org/view.php?id=CVE-2015-1297
The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension. Vulnerabilidad en la implementación WebRequest API en extensions/browser/api/web_request/web_request_api.cc en Google Chrome en versiones anteriores a 45.0.2454.85, no considera correctamente una fuente de petición antes de aceptar la petición, lo que permite a atacantes remotos eludir las restricciones de acceso previstas a través de una (1) app o (2) extensión manipulada. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=510802 https://codereview.chromium.org/1267183003 https://security.gentoo.org/glsa/201603-09 • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1294 – chromium-browser: Use-after-free in Skia
https://notcve.org/view.php?id=CVE-2015-1294
Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation. Vulnerabilidad de uso después de liberación en la memoria en la función SkMatrix::invertNonIdentity en core/SkMatrix.cpp en Skia, como se utiliza en Google Chrome en versiones anteriores a 45.0.2454.85, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado desencadenando el uso de elementos matrices que llevan a un resultado infinito durante un cálculo de inversión. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=492263 https://codereview.chromium.org/1188433011 https://security.gentoo.org/glsa/201603-09 • CWE-416: Use After Free •