CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2015-3335
https://notcve.org/view.php?id=CVE-2015-3335
The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct row-hammer attacks or have unspecified other impact by leveraging the ability to run a crafted program in the NaCl sandbox. La función NaClSandbox::InitializeLayerTwoSandbox en components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc en Google Chrome anterior a 42.0.2311.90 no tiene los límites RLIMIT_AS y RLIMIT_DATA para los procesos Native Client (también conocido como NaCl), lo que podría facilitar a atacantes remotos realizar ataques 'row-hammer' o tener otro impacto no especificado mediante el aprovechamiento de la habilidad de hacer funcionar un programa manipulado en el sandbox NaCl. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html http://www.securityfocus.com/bid/72715 https://code.google.com/p/chromium/issues/detail?id=455839 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2015-3336
https://notcve.org/view.php?id=CVE-2015-3336
Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL. Google Chrome anterior a 42.0.2311.90 no siempre pregunta al usuario antes de proceder con cambios de CONTENT_SETTINGS_TYPE_FULLSCREEN y CONTENT_SETTINGS_TYPE_MOUSELOCK, lo que permite a atacantes remotos asistidos por usuario causar una denegación de servicio (interrupción de la interfaz del usuario) mediante la construcción de un documento HTML manipulado que contiene código JavaScript con llamadas requestFullScreen y requestPointerLock, y la organización del acceso del usuario a este documento con una URL file:. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html http://www.debian.org/security/2015/dsa-3238 http://www.securityfocus.com/bid/74227 https://code.google.com/p/chromium/issues/detail?id=455953 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-1245 – chromium-browser: Use-after-free in PDFium
https://notcve.org/view.php?id=CVE-2015-1245
Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium "Open PDF in Reader" button that has an invalid tab association. Vulnerabilidad de uso después de liberación en la función OpenPDFInReaderView::Update en browser/ui/views/location_bar/open_pdf_in_reader_view.cc en Google Chrome anterior a 41.0.2272.76 podría permitir a atacantes remotos asistidos por usuario causar una denegación de servicio (corrupción de memoria dinámica) o posiblemente tener otro impacto no especificado mediante la provocación de la interacción con un botón de ' PDF abierto en Reader' de PDFium que tiene una asociación de pestaña inválida. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0816.html http://www.debian.org/security/2015/dsa-3238 http://www.securitytracker.com/id/1032209 https://code.google.com/p/chromium/issues/detail?id=444957 https://codereview.chromium.org/831283002 https://security.gentoo.org/glsa/201506-0 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 14EXPL: 1CVE-2015-1241 – chromium-browser: tap-jacking vulnerability
https://notcve.org/view.php?id=CVE-2015-1241
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. Google Chrome anterior a 42.0.2311.90 no considera correctamente la interacción de la navegación de páginas con el manejo de los eventos 'táctiles' (touch) y los eventos de 'gestos' (gesture), lo que permite a atacantes remotos provocar acciones no intencionadas de la interfaz del usuario a través de un sitio web manipulado que realiza un ataque de 'tapjacking'. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0816.html http://ubuntu.com/usn/usn-2570-1 http://www.debian.org/security/2015/dsa-3238 http://www.securitytracker.com/id/1032209 https://code.google.com/p/chromium/issues/detail?id=418402 https://codereview.chromium.org/628763003 http • CWE-352: Cross-Site Request Forgery (CSRF) CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1244 – chromium-browser: HSTS bypass in WebSockets
https://notcve.org/view.php?id=CVE-2015-1244
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic. La función URLRequest::GetHSTSRedirect en url_request/url_request.cc en Google Chrome anterior a 42.0.2311.90 no remplaza el esquema wss cuando una política HSTS está activada, lo que facilita a atacantes remotos obtener información sensible mediante la captura de trafico WebSocket de la red. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0816.html http://ubuntu.com/usn/usn-2570-1 http://www.debian.org/security/2015/dsa-3238 http://www.securitytracker.com/id/1032209 https://chromium.googlesource.com/chromium/src/net/+/2359906c4fdfa9d44b045755d23fe5327c10e010 https://code.google. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-305: Authentication Bypass by Primary Weakness •