CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1247 – chromium-browser: Scheme issues in OpenSearch
https://notcve.org/view.php?id=CVE-2015-1247
The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site. La función SearchEngineTabHelper::OnPageHasOSDD en browser/ui/search_engines/search_engine_tab_helper.cc en Google Chrome anterior a 42.0.2311.90 no previene el uso de una URL file: para un documento XML de descriptores de OpenSearch, lo que podría permitir a atacantes remotos obtener información sensible de ficheros locales a través de un sitio web (1) http o (2) https manipulado. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0816.html http://www.debian.org/security/2015/dsa-3238 http://www.securitytracker.com/id/1032209 https://code.google.com/p/chromium/issues/detail?id=429838 https://codereview.chromium.org/917313004 https://security.gentoo.org/glsa/201506-0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 7.5EPSS: 6%CPEs: 4EXPL: 0CVE-2015-1233 – chromium-browser: combination of V8, Gamepad and IPC bugs that can lead to remote code execution
https://notcve.org/view.php?id=CVE-2015-1233
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors. Google Chrome anterior a 41.0.2272.118 no maneja correctamente la interacción de IPC, la API Gamepad y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0778.html http://www.securityfocus.com/bid/73484 http://www.securitytracker.com/id/1032012 http://www.ubuntu.com/usn/USN-2556-1 https://code.google.com/p/chromium/issues/detail?id=469058 https://security.gentoo.org/glsa/201506-0 • CWE-17: DEPRECATED: Code CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 8%CPEs: 4EXPL: 0CVE-2015-1234 – Google Chrome pnacl Shared Memory Time-Of-Check/Time-Of-Use Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1234
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands. Condición de carrera en gpu/command_buffer/service/gles2_cmd_decoder.cc en Google Chrome anterior a 41.0.2272.118 permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado mediante la manipulación de comandos Es OpenGL. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of communication between the GPU process and the renderer processes. The issue lies in the verification of values from the renderer without copying them out of a shared memory section. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0778.html http://www.securityfocus.com/bid/73486 http://www.securitytracker.com/id/1032012 http://www.ubuntu.com/usn/USN-2556-1 https://code.google.com/p/chromium/issues/detail?id=468936 https://codereview.chromium.org/1016193003 htt • CWE-122: Heap-based Buffer Overflow CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1232 – chromium-browser: Out-of-bounds write in media
https://notcve.org/view.php?id=CVE-2015-1232
Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212. Error en el indice del array en la función MidiManagerUsb::DispatchSendMidiData en media/midi/midi_manager_usb.cc en Google Chrome anterior a 41.0.2272.76 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento de acceso al renderizador para proporcionar un indice de puertos inválido que provoca una operación de escritura fuera de rango, una vulnerabilidad diferente a CVE-2015-1212. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html https://code.google.com/p/chromium/issues/detail?id=456516 https://codereview.chromium.org/907793002 https://security.gentoo.org/glsa/201503-12 https://access.redhat.com/security/cve/CVE-2015-1232 https://bugzilla.redhat.com/show_bug.cgi?id=1205142 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-2238
https://notcve.org/view.php?id=CVE-2015-2238
Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 4.1.0.21, utilizado en Google Chrome anterior a 41.0.2272.76, permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://www.ubuntu.com/usn/USN-2521-1 •