CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2015-1237 – chromium-browser: Use-after-free in IPC
https://notcve.org/view.php?id=CVE-2015-1237
Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation. Vulnerabilidad de uso después de liberación en la función RenderFrameImpl::OnMessageReceived en content/renderer/render_frame_impl.cc en Google Chrome anterior a 42.0.2311.90 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que provocan mensajes IPC de renderización durante una operación de separación. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0816.html http://ubuntu.com/usn/usn-2570-1 http://www.debian.org/security/2015/dsa-3238 http://www.securitytracker.com/id/1032209 https://code.google.com/p/chromium/issues/detail?id=461191 https://codereview.chromium.org/1007123003 htt • CWE-416: Use After Free •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2015-1238 – chromium-browser: Out-of-bounds write in Skia
https://notcve.org/view.php?id=CVE-2015-1238
Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. Skia, utilizado en Google Chrome anterior a 42.0.2311.90, permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0816.html http://ubuntu.com/usn/usn-2570-1 http://www.debian.org/security/2015/dsa-3238 http://www.securitytracker.com/id/1032209 https://code.google.com/p/chromium/issues/detail?id=445808 https://security.gentoo.org/glsa/201506-0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2015-1242 – chromium-browser: Type confusion in V8
https://notcve.org/view.php?id=CVE-2015-1242
The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization. La función ReduceTransitionElementsKind en hydrogen-check-elimination.cc en Google V8 anterior a 4.2.77.8, utilizado en Google Chrome anterior a 42.0.2311.90, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado que aprovecha la 'confusión de tipos' en la optimización de la comprobación de la eliminación. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0816.html http://ubuntu.com/usn/usn-2570-1 http://www.debian.org/security/2015/dsa-3238 http://www.securitytracker.com/id/1032209 https://code.google.com/p/chromium/issues/detail?id=460917 https://codereview.chromium.org/1000893003 htt • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 6.4EPSS: 4%CPEs: 2EXPL: 0CVE-2015-1246 – chromium-browser: Out-of-bounds read in Blink
https://notcve.org/view.php?id=CVE-2015-1246
Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Blink, utilizado en Google Chrome anterior a 42.0.2311.90, permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0816.html http://ubuntu.com/usn/usn-2570-1 http://www.debian.org/security/2015/dsa-3238 http://www.securitytracker.com/id/1032209 https://code.google.com/p/chromium/issues/detail?id=437399 https://security.gentoo.org/glsa/201506-0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1249 – chromium-browser: Various fixes from internal audits, fuzzing and other initiatives
https://notcve.org/view.php?id=CVE-2015-1249
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 42.0.2311.90 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0816.html http://ubuntu.com/usn/usn-2570-1 http://www.debian.org/security/2015/dsa-3238 http://www.securitytracker.com/id/1032209 https://code.google.com/p/chromium/issues/detail?id=389595 https://code.google.com/p/chromium/issue • CWE-122: Heap-based Buffer Overflow •