CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2015-1287 – chromium-browser: SOP bypass with CSS in unspecified
https://notcve.org/view.php?id=CVE-2015-1287
Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp. Vulnerabilidad en Blink implementado en Google Chrome en versiones anteriores a la 44.0.2403.89, habilita una excepción en el quirks-mode que limita los casos en los que un documento Cascading Style Sheets (CSS) es requerido para obtener el tipo de contenido text/css, lo cual permite a atacantes remotos eludir la política del mismo origen a través de un sitio web manipulado, relacionado con core/fetch/CSSStyleSheetResource.cpp. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-1499.html http://www.debian.org/security/2015/dsa-3315 http://www.securityfocus.com/bid/75973 http://www.securitytracker.com/id/1033031 https://code.google.com/p/chromium/issues/detail?id=419383 https://security.gentoo.org/glsa/201603-09 https://src.chromium.org/viewvc/blink?revision=195266&am • CWE-17: DEPRECATED: Code •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2015-5605 – chromium-browser: v8 denial of service
https://notcve.org/view.php?id=CVE-2015-5605
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message. Vulnerabilidad en la implementación de expresiones regulares en Google V8 de Google Chrome en versiones anteriores a la 44.0.2403.89, no maneja correctamente las interrupciones, lo cual permite a atacantes remotos causar una denegación de servicio mediante la caída de la aplicación a través de código JavaScript manipulado, como se demuestra por un error en la recolección de desperdicios durante la asignación de un mensaje de excepción de desbordamiento de pila. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-1499.html http://www.securityfocus.com/bid/76007 http://www.securitytracker.com/id/1033031 https://chromium.googlesource.com/v8/v8.git/+/c67cb287a901ddf03d4ae4dafcf431d09fd3e22c https://code.google.com/p/chromium/issues/detail?id=469480 https://code.google.com/p/chromium/issues/detail?id=512110 https:/ • CWE-17: DEPRECATED: Code •
CVSS: 6.8EPSS: 1%CPEs: 8EXPL: 0CVE-2015-1273 – chromium-browser: Heap-buffer-overflow in pdfium.
https://notcve.org/view.php?id=CVE-2015-1273
Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document. Vulnerabilidad de desbordamiento de buffer basada en memoria en j2k.c en OpenJPEG en sus versiones anteriores a r3002, implementado PDFium en Google Chrome en versiones anteriores a la 4.0.2403.89. Permite a atacantes remotos causar una denegación de servicio, o posiblemente tener otro impacto no especificado a través de un dato JPEG2000 inválido en un archivo PDF. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-1499.html http://www.debian.org/security/2015/dsa-3315 http://www.securityfocus.com/bid/75973 http://www.securitytracker.com/id/1033031 https://code.google.com/p/chromium/issues/detail?id=459215 https://pdfium.googlesource.com/pdfium/+/cddfde0cddbc8467e0d5fa04c30405ee257750fc https://security.gentoo.org&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2015-1277 – chromium-browser: Use-after-free in accessibility.
https://notcve.org/view.php?id=CVE-2015-1277
Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures. Vulnerabilidad de uso después de liberación de memoria en la implementación de accesibilidad en Google Chrome en versiones anteriores a la 44.0.2403.89. Permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento de la falta de determinados controles de validez para las estructuras de datos accessibility-tree . • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-1499.html http://www.debian.org/security/2015/dsa-3315 http://www.securityfocus.com/bid/75973 http://www.securitytracker.com/id/1033031 https://code.google.com/p/chromium/issues/detail?id=479743 https://codereview.chromium.org/1144363004 https://codereview.chromium.org/1151393006 https://security& • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-1275
https://notcve.org/view.php?id=CVE-2015-1275
Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka "Universal XSS (UXSS)." Vulnerabilidad de XSS en org/chromium/chrome/browser/UrlUtilities.java en Google Chrome en versiones anteriores a la 44.0.2403.89 en Android. Permite a atacantes remotos inyectar arbitrariamente código HTML o web script a través de una URL manipulada, como lo demuestra una alerta de salida (document.cookie);// substring, error conocido como 'Universal XSS (UXSS). • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://www.securityfocus.com/bid/75973 http://www.securitytracker.com/id/1033031 https://code.google.com/p/chromium/issues/detail?id=462843 https://codereview.chromium.org/1059413004 https://security.gentoo.org/glsa/201603-09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •