CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2015-1238 – chromium-browser: Out-of-bounds write in Skia
https://notcve.org/view.php?id=CVE-2015-1238
Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. Skia, utilizado en Google Chrome anterior a 42.0.2311.90, permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0816.html http://ubuntu.com/usn/usn-2570-1 http://www.debian.org/security/2015/dsa-3238 http://www.securitytracker.com/id/1032209 https://code.google.com/p/chromium/issues/detail?id=445808 https://security.gentoo.org/glsa/201506-0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 6%CPEs: 4EXPL: 0CVE-2015-1233 – chromium-browser: combination of V8, Gamepad and IPC bugs that can lead to remote code execution
https://notcve.org/view.php?id=CVE-2015-1233
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors. Google Chrome anterior a 41.0.2272.118 no maneja correctamente la interacción de IPC, la API Gamepad y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0778.html http://www.securityfocus.com/bid/73484 http://www.securitytracker.com/id/1032012 http://www.ubuntu.com/usn/USN-2556-1 https://code.google.com/p/chromium/issues/detail?id=469058 https://security.gentoo.org/glsa/201506-0 • CWE-17: DEPRECATED: Code CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 8%CPEs: 4EXPL: 0CVE-2015-1234 – Google Chrome pnacl Shared Memory Time-Of-Check/Time-Of-Use Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1234
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands. Condición de carrera en gpu/command_buffer/service/gles2_cmd_decoder.cc en Google Chrome anterior a 41.0.2272.118 permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado mediante la manipulación de comandos Es OpenGL. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of communication between the GPU process and the renderer processes. The issue lies in the verification of values from the renderer without copying them out of a shared memory section. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0778.html http://www.securityfocus.com/bid/73486 http://www.securitytracker.com/id/1032012 http://www.ubuntu.com/usn/USN-2556-1 https://code.google.com/p/chromium/issues/detail?id=468936 https://codereview.chromium.org/1016193003 htt • CWE-122: Heap-based Buffer Overflow CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-5319
https://notcve.org/view.php?id=CVE-2011-5319
content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231. content/renderer/device_sensors/device_motion_event_pump.cc en Google Chrome anterior a 41.0.2272.76 no restringe correctamente el acceso a los datos de 'accelerometer' de alta velocidad, lo que facilita a atacantes remotos capturar las pulsaciones del teclado a través de un sitio web manipulado que escucha para eventos 'ondevicemotion', una vulnerabilidad diferente a CVE-2015-1231. • http://dl.acm.org/citation.cfm?id=2046771 http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf https://code.google.com/p/chromium/issues/detail?id=421691 https://code.google.com/p/chromium/issues/detail?id=463349 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9689
https://notcve.org/view.php?id=CVE-2014-9689
content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that listens for ondeviceorientation events, a different vulnerability than CVE-2015-1231. content/renderer/device_sensors/device_orientation_event_pump.cc en Google Chrome anterior a 41.0.2272.76 no restringe correctamente el acceso a datos de giroscopio de alta velocidad, lo que facilita a atacantes remotos obtener señales de voz del ámbito físico de un dispositivo a través de un sitio web manipulado que escucha para eventos ondeviceorientation, una vulnerabilidad diferente a CVE-2015-1231. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html https://code.google.com/p/chromium/issues/detail?id=421691 https://code.google.com/p/chromium/issues/detail?id=463349 https://crypto.stanford.edu/gyrophone/files/gyromic.pdf https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/michalevsky • CWE-264: Permissions, Privileges, and Access Controls •