CVE-2015-1295 – chromium-browser: Use-after-free in Printing
https://notcve.org/view.php?id=CVE-2015-1295
Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities. Múltiples vulnerabilidades de uso después de liberación de memoria en la clase PrintWebViewHelper en components/printing/renderer/print_web_view_helper.cc en Google Chrome en versiones anteriores a 45.0.2454.85, permiten a atacantes remotos asistidos por usuario causar una denegación de servicio o posiblemente tener otro impacto no especificado desencadenando mensajes IPC anidados durante la preparación para impresión, según lo demostrado por mensajes asociados a documentos PDF en conjunción con mensajes acerca de las capacidades de la impresora. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=502562 https://codereview.chromium.org/1228693002 https://security.gentoo.org/glsa/201603-09 • CWE-416: Use After Free •
CVE-2015-1298 – chromium-browser: URL validation error in extensions
https://notcve.org/view.php?id=CVE-2015-1298
The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninstalled. Vulnerabilidad en la función RuntimeEventRouter::OnExtensionUninstalled en extensions/browser/api/runtime/runtime_api.cc en Google Chrome en versiones anteriores a 45.0.2454.85, no asegura que la preferencia setUninstallURL corresponda con la URL de una página web, lo que permite atacantes remotos asistidos por usuario desencadenar acceso a una URL arbitraria a través de una extensión manipulada que es desinstalada. • http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.debian.org/security/2015/dsa-3351 http://www.securitytracker.com/id/1033472 https://code.google.com/p/chromium/issues/detail?id=518827 https://codereview.chromium.org/1282263002 https://security.gentoo.org/glsa/201603-09 • CWE-254: 7PK - Security Features •
CVE-2015-1285 – chromium-browser: Information leak in XSS auditor.
https://notcve.org/view.php?id=CVE-2015-1285
The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack. Vulnerabilidad en la función XSSAuditor::canonicalize en core/html/parser/XSSAuditor.cpp en el auditor XSS en Blink, usado en Google Chrome en versiones anteriores a la 44.0.2403.89, no elige correctamente un punto de truncado, lo cual hace más fácil que atacantes remotos obtengan información sensible a través de un ataque de tiempo lineal no especificado. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-1499.html http://www.debian.org/security/2015/dsa-3315 http://www.securityfocus.com/bid/75973 http://www.securitytracker.com/id/1033031 https://code.google.com/p/chromium/issues/detail?id=498982 https://security.gentoo.org/glsa/201603-09 https://src.chromium.org/viewvc/blink?revision=196971&am • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-1288 – chromium-browser: Spell checking dictionaries fetched over HTTP in unspecified
https://notcve.org/view.php?id=CVE-2015-1288
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263. Vulnerabilidad en la implementación de Spellcheck API en Google Chrome en versiones anteriores a la 44.0.2403.89, no usa una sesión HTTPS para la descarga de un diccionario Hunspell, lo cual permite realizar ataques de man-in-the-middle empleados para ofrecer sugerencias de ortografía incorrectas o posiblemente tener otro impacto no especificado a través de archivos manipulados, un tema relacionado con CVE-2015-1263. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-1499.html http://www.debian.org/security/2015/dsa-3315 http://www.securityfocus.com/bid/75973 http://www.securitytracker.com/id/1033031 https://code.google.com/p/chromium/issues/detail?id=479162 https://codereview.chromium.org/1056103005 https://security.gentoo.org/glsa/201603-09 https:// • CWE-17: DEPRECATED: Code •
CVE-2015-1280 – chromium-browser: Memory corruption in skia
https://notcve.org/view.php?id=CVE-2015-1280
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data. Vulnerabilidad en SkPictureShader.cpp de Skia usado en Google Chrome en versiones anteriores a la 44.0.2403.89. Permite a atacantes remotos causar una denegación de servicio mediante la corrupción de memoria o posiblemente tener otro impacto no especificado al aprovechar el acceso al intérprete de procesos y proporcionar datos serializados manipulados. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-1499.html http://www.debian.org/security/2015/dsa-3315 http://www.securityfocus.com/bid/75973 http://www.securitytracker.com/id/1033031 https://code.google.com/p/chromium/issues/detail?id=486947 https://codereview.chromium.org/1151663002 https://security.gentoo.org/glsa/201603-09 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •