CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1261 – chromium-browser: URL bar spoofing in unspecified component
https://notcve.org/view.php?id=CVE-2015-1261
android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text. android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java en Google Chrome anterior a 43.0.2357.65 en Android no restringe correctamente el uso de el identificador de fragmentos de una URL durante la construcción de una página emergente de información, lo que permite a atacantes remotos falsificar la barra de la URL o entregar contenidos de emergentes engañosos a través de un texto manipulado. • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html http://www.debian.org/security/2015/dsa-3267 http://www.securityfocus.com/bid/74723 http://www.securitytracker.com/id/1032375 https://code.google.com/p/chromium/issues/detail?id=466351 https://codereview.chromium.org/1011383005 https://codereview.chromium.org/1056743002 https://co • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1253 – chromium-browser: Cross-origin bypass in DOM.
https://notcve.org/view.php?id=CVE-2015-1253
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. core/html/parser/HTMLConstructionSite.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 43.0.2357.65, permite a atacantes remotos evadir Same Origin Policy a través de código JavaScript manipulado que adjunta un hijo a un elemento SCRIPT, relacionado con las funciones insert y executeReparentTask. • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html http://www.debian.org/security/2015/dsa-3267 http://www.securityfocus.com/bid/74723 http://www.securitytracker.com/id/1032375 https://code.google.com/p/chromium/issues/detail?id=464552 https://security.gentoo.org/glsa/201506-04 https://src.chromium.org/viewvc/blink?revision=19 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1255 – chromium-browser: Use-after-free in WebAudio.
https://notcve.org/view.php?id=CVE-2015-1255
Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track. Vulnerabilidad de uso después de liberación en content/renderer/media/webaudio_capturer_source.cc en la implementación WebAudio en Google Chrome anterior a 43.0.2357.65 permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria dinámica) o posiblemente tener otro impacto no especificado mediante el aprovechamiento del manejo incorrecto de una acción de parar para una pista de audio. • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html http://www.debian.org/security/2015/dsa-3267 http://www.securityfocus.com/bid/74723 http://www.securitytracker.com/id/1032375 https://code.google.com/p/chromium/issues/detail?id=473253 https://codereview.chromium.org/1071063005 https://security.gentoo.org/glsa/201506-04 https:/ • CWE-416: Use After Free •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2015-1257 – chromium-browser: Container-overflow in SVG.
https://notcve.org/view.php?id=CVE-2015-1257
platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document. platform/graphics/filters/FEColorMatrix.cpp en la implementación SVG en Blink, utilizado en Google Chrome anterior a 43.0.2357.65, no maneja correctamente un número insuficiente de valores en un filtro feColorMatrix, lo que permite a atacantes remotosw causar una denegación de servicio (desbordamiento de contenedor) o posiblemente tener otro impacto no especificado a través de un documento manipulado. • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html http://www.debian.org/security/2015/dsa-3267 http://www.securityfocus.com/bid/74723 http://www.securitytracker.com/id/1032375 https://code.google.com/p/chromium/issues/detail?id=468519 https://security.gentoo.org/glsa/201506-04 https://src.chromium.org/viewvc/blink?view=rev&am • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2015-1258 – chromium-browser: Negative-size parameter in Libvpx.
https://notcve.org/view.php?id=CVE-2015-1258
Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data. Google Chrome anterior a 43.0.2357.65 depende de código libvpx que no fue construido con un valor --size-limit apropiado, lo que permite a atacantes remotos provocar un valor negativo para un campo tamaño, y como consecuencia causar una denegación de servicio o posiblemente tener otro impacto no especificado, a través de un tamaño Frame en datos de vídeo VP9. • http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168803.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166975.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167428.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html http://www.debian.org/security/2015/dsa-3267 http:&# • CWE-189: Numeric Errors •