CVE-2015-1238 – chromium-browser: Out-of-bounds write in Skia
https://notcve.org/view.php?id=CVE-2015-1238
Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
• References:
  http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
  http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
  http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
  http://rhn.redhat.com/errata/RHSA-2015-0816.html
  http://ubuntu.com/usn/usn-2570-1
  http://www.debian.org/security/2015/dsa-3238
  http://www.securitytracker.com/id/1032209
  https://code.google.com/p/chromium/issues/detail?id=445808
  https://security.gentoo.org/glsa/201506-0
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-787: Out-of-bounds Write
CVE-2015-1236 – chromium-browser: Cross-origin-bypass in Blink
https://notcve.org/view.php?id=CVE-2015-1236
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.
• References:
  http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
  http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
  http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
  http://rhn.redhat.com/errata/RHSA-2015-0816.html
  http://ubuntu.com/usn/usn-2570-1
  http://www.debian.org/security/2015/dsa-3238
  http://www.securitytracker.com/id/1032209
  https://code.google.com/p/chromium/issues/detail?id=313939
  https://security.gentoo.org/glsa/201506-0
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2015-1234 – Google Chrome pnacl Shared Memory Time-Of-Check/Time-Of-Use Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1234
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of communication between the GPU process and the renderer processes. The issue lies in the verification of values from the renderer without copying them out of a shared memory section.
• References:
  http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html
  http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html
  http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
  http://rhn.redhat.com/errata/RHSA-2015-0778.html
  http://www.securityfocus.com/bid/73486
  http://www.securitytracker.com/id/1032012
  http://www.ubuntu.com/usn/USN-2556-1
  https://code.google.com/p/chromium/issues/detail?id=468936
  https://codereview.chromium.org/1016193003
  htt
• CWE-122: Heap-based Buffer Overflow
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2015-1233 – chromium-browser: combination of V8, Gamepad and IPC bugs that can lead to remote code execution
https://notcve.org/view.php?id=CVE-2015-1233
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors.
• References:
  http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html
  http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html
  http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
  http://rhn.redhat.com/errata/RHSA-2015-0778.html
  http://www.securityfocus.com/bid/73484
  http://www.securitytracker.com/id/1032012
  http://www.ubuntu.com/usn/USN-2556-1
  https://code.google.com/p/chromium/issues/detail?id=469058
  https://security.gentoo.org/glsa/201506-0
• CWE-17: DEPRECATED: Code
• CWE-122: Heap-based Buffer Overflow
CVE-2014-9689
https://notcve.org/view.php?id=CVE-2014-9689
content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that listens for ondeviceorientation events, a different vulnerability than CVE-2015-1231.
• References:
  http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
  https://code.google.com/p/chromium/issues/detail?id=421691
  https://code.google.com/p/chromium/issues/detail?id=463349
  https://crypto.stanford.edu/gyrophone/files/gyromic.pdf
  https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/michalevsky
• CWE-264: Permissions, Privileges, and Access Controls