CVE-2015-1268 – chromium-browser: Cross-origin bypass in Blink
https://notcve.org/view.php?id=CVE-2015-1268
bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL. bindings/scripts/v8_types.py en Blink, utilizado en Google Chrome anterior a 43.0.2357.130, no selecciona correctamente un contexto de la creación para el envoltorio DOM de un valor de retorno, lo que permite a atacantes remotos evadir Same Origin Policy a través de código JavaScript manipulado, tal y como fue demostrado mediante el uso de una URL data:. • http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00057.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00012.html http://rhn.redhat.com/errata/RHSA-2015-1188.html http://www.debian.org/security/2015/dsa-3315 http://www.securityfocus.com/bid/75332 http://www.securitytracker.com/id/1032731 http://www.ubuntu.com/usn/USN-2652-1 https://code.google.com/p/chromium/issues/detail?id=494640 ht • CWE-254: 7PK - Security Features •
CVE-2015-1264 – chromium-browser: Cross-site scripting in bookmarks.
https://notcve.org/view.php?id=CVE-2015-1264
Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature. Vulnerabilidad de XSS en Google Chrome anterior a 43.0.2357.65 permite a atacantes remotos asistidos por usuario inyectar secuencias de comandos web arbitrarios o HTMl a través de datos manipulados que son manejados incorrectamente por la característica de favoritos (Bookmarks). • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html http://www.debian.org/security/2015/dsa-3267 http://www.securityfocus.com/bid/74723 http://www.securitytracker.com/id/1032375 https://code.google.com/p/chromium/issues/detail?id=481015 https://security.gentoo.org/glsa/201506-04 https://access.redhat.com/security/cve/CVE-2015& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-1253 – chromium-browser: Cross-origin bypass in DOM.
https://notcve.org/view.php?id=CVE-2015-1253
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. core/html/parser/HTMLConstructionSite.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 43.0.2357.65, permite a atacantes remotos evadir Same Origin Policy a través de código JavaScript manipulado que adjunta un hijo a un elemento SCRIPT, relacionado con las funciones insert y executeReparentTask. • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html http://www.debian.org/security/2015/dsa-3267 http://www.securityfocus.com/bid/74723 http://www.securitytracker.com/id/1032375 https://code.google.com/p/chromium/issues/detail?id=464552 https://security.gentoo.org/glsa/201506-04 https://src.chromium.org/viewvc/blink?revision=19 • CWE-284: Improper Access Control •
CVE-2015-1256 – chromium-browser: Use-after-free in SVG.
https://notcve.org/view.php?id=CVE-2015-1256
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element. Vulnerabilidad de uso después de liberación en la implementación SVG en Blink, utilizado en Google Chrome anterior a 43.0.2357.65, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un documento manipulado que aprovecha el manejo incorrecto de un árbol de sombra para un elemento de uso. • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html http://www.debian.org/security/2015/dsa-3267 http://www.securityfocus.com/bid/74723 http://www.securitytracker.com/id/1032375 https://code.google.com/p/chromium/issues/detail?id=478549 https://codereview.chromium.org/1098913004 https://security.gentoo.org/glsa/201506-04 https:/ • CWE-416: Use After Free •
CVE-2015-1257 – chromium-browser: Container-overflow in SVG.
https://notcve.org/view.php?id=CVE-2015-1257
platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document. platform/graphics/filters/FEColorMatrix.cpp en la implementación SVG en Blink, utilizado en Google Chrome anterior a 43.0.2357.65, no maneja correctamente un número insuficiente de valores en un filtro feColorMatrix, lo que permite a atacantes remotosw causar una denegación de servicio (desbordamiento de contenedor) o posiblemente tener otro impacto no especificado a través de un documento manipulado. • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html http://www.debian.org/security/2015/dsa-3267 http://www.securityfocus.com/bid/74723 http://www.securitytracker.com/id/1032375 https://code.google.com/p/chromium/issues/detail?id=468519 https://security.gentoo.org/glsa/201506-04 https://src.chromium.org/viewvc/blink?view=rev&am • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •