CVE-2015-1233 – chromium-browser: combination of V8, Gamepad and IPC bugs that can lead to remote code execution
https://notcve.org/view.php?id=CVE-2015-1233
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors. Google Chrome anterior a 41.0.2272.118 no maneja correctamente la interacción de IPC, la API Gamepad y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0778.html http://www.securityfocus.com/bid/73484 http://www.securitytracker.com/id/1032012 http://www.ubuntu.com/usn/USN-2556-1 https://code.google.com/p/chromium/issues/detail?id=469058 https://security.gentoo.org/glsa/201506-0 • CWE-17: DEPRECATED: Code CWE-122: Heap-based Buffer Overflow •
CVE-2015-1234 – Google Chrome pnacl Shared Memory Time-Of-Check/Time-Of-Use Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1234
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands. Condición de carrera en gpu/command_buffer/service/gles2_cmd_decoder.cc en Google Chrome anterior a 41.0.2272.118 permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado mediante la manipulación de comandos Es OpenGL. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of communication between the GPU process and the renderer processes. The issue lies in the verification of values from the renderer without copying them out of a shared memory section. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0778.html http://www.securityfocus.com/bid/73486 http://www.securitytracker.com/id/1032012 http://www.ubuntu.com/usn/USN-2556-1 https://code.google.com/p/chromium/issues/detail?id=468936 https://codereview.chromium.org/1016193003 htt • CWE-122: Heap-based Buffer Overflow CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2011-5319
https://notcve.org/view.php?id=CVE-2011-5319
content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231. content/renderer/device_sensors/device_motion_event_pump.cc en Google Chrome anterior a 41.0.2272.76 no restringe correctamente el acceso a los datos de 'accelerometer' de alta velocidad, lo que facilita a atacantes remotos capturar las pulsaciones del teclado a través de un sitio web manipulado que escucha para eventos 'ondevicemotion', una vulnerabilidad diferente a CVE-2015-1231. • http://dl.acm.org/citation.cfm?id=2046771 http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf https://code.google.com/p/chromium/issues/detail?id=421691 https://code.google.com/p/chromium/issues/detail?id=463349 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-2239
https://notcve.org/view.php?id=CVE-2015-2239
Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address bar for a search-results page by leveraging (1) a compromised search engine or (2) an XSS vulnerability in a search engine, a different vulnerability than CVE-2015-1231. Google Chrome anterior a 41.0.2272.76, cuando el modo Instant Extended está utilizado, no considera correctamente la interacción entre las características de búsqueda 1993 ('1993 search') y las transiciones restaurar del disco RELOAD (restore-from-disk RELOAD), lo que facilita a atacantes remotos falsificar la barra de direcciones para una página de resultados de búsquedas mediante el aprovechamiento de (1) un motor de búsqueda comprometido o (2) una vulnerabilidad de XSS en un motor de búsqueda, una vulnerabilidad diferente a CVE-2015-1231. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://www.securityfocus.com/bid/74855 https://code.google.com/p/chromium/issues/detail?id=256724 https://code.google.com/p/chromium/issues/detail?id=463349 • CWE-19: Data Processing Errors •
CVE-2014-9689
https://notcve.org/view.php?id=CVE-2014-9689
content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that listens for ondeviceorientation events, a different vulnerability than CVE-2015-1231. content/renderer/device_sensors/device_orientation_event_pump.cc en Google Chrome anterior a 41.0.2272.76 no restringe correctamente el acceso a datos de giroscopio de alta velocidad, lo que facilita a atacantes remotos obtener señales de voz del ámbito físico de un dispositivo a través de un sitio web manipulado que escucha para eventos ondeviceorientation, una vulnerabilidad diferente a CVE-2015-1231. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html https://code.google.com/p/chromium/issues/detail?id=421691 https://code.google.com/p/chromium/issues/detail?id=463349 https://crypto.stanford.edu/gyrophone/files/gyromic.pdf https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/michalevsky • CWE-264: Permissions, Privileges, and Access Controls •