CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1232 – chromium-browser: Out-of-bounds write in media
https://notcve.org/view.php?id=CVE-2015-1232
Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212. Error en el indice del array en la función MidiManagerUsb::DispatchSendMidiData en media/midi/midi_manager_usb.cc en Google Chrome anterior a 41.0.2272.76 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento de acceso al renderizador para proporcionar un indice de puertos inválido que provoca una operación de escritura fuera de rango, una vulnerabilidad diferente a CVE-2015-1212. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html https://code.google.com/p/chromium/issues/detail?id=456516 https://codereview.chromium.org/907793002 https://security.gentoo.org/glsa/201503-12 https://access.redhat.com/security/cve/CVE-2015-1232 https://bugzilla.redhat.com/show_bug.cgi?id=1205142 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-5319
https://notcve.org/view.php?id=CVE-2011-5319
content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231. content/renderer/device_sensors/device_motion_event_pump.cc en Google Chrome anterior a 41.0.2272.76 no restringe correctamente el acceso a los datos de 'accelerometer' de alta velocidad, lo que facilita a atacantes remotos capturar las pulsaciones del teclado a través de un sitio web manipulado que escucha para eventos 'ondevicemotion', una vulnerabilidad diferente a CVE-2015-1231. • http://dl.acm.org/citation.cfm?id=2046771 http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf https://code.google.com/p/chromium/issues/detail?id=421691 https://code.google.com/p/chromium/issues/detail?id=463349 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2239
https://notcve.org/view.php?id=CVE-2015-2239
Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address bar for a search-results page by leveraging (1) a compromised search engine or (2) an XSS vulnerability in a search engine, a different vulnerability than CVE-2015-1231. Google Chrome anterior a 41.0.2272.76, cuando el modo Instant Extended está utilizado, no considera correctamente la interacción entre las características de búsqueda 1993 ('1993 search') y las transiciones restaurar del disco RELOAD (restore-from-disk RELOAD), lo que facilita a atacantes remotos falsificar la barra de direcciones para una página de resultados de búsquedas mediante el aprovechamiento de (1) un motor de búsqueda comprometido o (2) una vulnerabilidad de XSS en un motor de búsqueda, una vulnerabilidad diferente a CVE-2015-1231. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://www.securityfocus.com/bid/74855 https://code.google.com/p/chromium/issues/detail?id=256724 https://code.google.com/p/chromium/issues/detail?id=463349 • CWE-19: Data Processing Errors •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2014-9654 – icu: insufficient size limit checks in regular expression compiler
https://notcve.org/view.php?id=CVE-2014-9654
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923. El paquete Regular Expressions en International Components para Unicode (ICU) for C/C++ en las versiones anteriores a 03-12-2014, como se utiliza en Google Chrome en versiones anteriores a 40.0.2214.91, calcula ciertos valores sin asegurarse de que pueden representarse en un campo de 24 bits, que permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de una cadena manipulada, un problema relacionado con CVE-2014-7923. • http://bugs.icu-project.org/trac/changeset/36801 http://bugs.icu-project.org/trac/ticket/11371 http://openwall.com/lists/oss-security/2015/02/05/15 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securitytracker.com/id/1035410 https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5 https://code.google.com/p/chromium/issues/detail?id=432209 https://security.gentoo.org/glsa/201503-06 https://www.oracle.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1217 – chromium-browser: Type confusion in v8 bindings
https://notcve.org/view.php?id=CVE-2015-1217
The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." La función V8LazyEventListener::prepareListenerObject en bindings/core/v8/V8LazyEventListener.cpp en los enlaces V8 en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, no compila correctamente los oyentes, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que aprovechan una 'confusión de tipos.' • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-0627.html http://www.securityfocus.com/bid/72901 http://www.ubuntu.com/usn/USN-2521-1 https://code.google.com/p/chromium/issues/detail?id=456192 https://codereview.chromium.org/910683002 https://codereview.chromium.org/958543002 https://security.gentoo.org/glsa/201503-12 https://src.chromium.org/viewvc/blink?revision=189796&view=revision https://access.redhat.com/sec • CWE-17: DEPRECATED: Code CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •