CVSS: 7.5EPSS: 8%CPEs: 4EXPL: 0CVE-2015-1234 – Google Chrome pnacl Shared Memory Time-Of-Check/Time-Of-Use Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1234
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands. Condición de carrera en gpu/command_buffer/service/gles2_cmd_decoder.cc en Google Chrome anterior a 41.0.2272.118 permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro impacto no especificado mediante la manipulación de comandos Es OpenGL. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of communication between the GPU process and the renderer processes. The issue lies in the verification of values from the renderer without copying them out of a shared memory section. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0778.html http://www.securityfocus.com/bid/73486 http://www.securitytracker.com/id/1032012 http://www.ubuntu.com/usn/USN-2556-1 https://code.google.com/p/chromium/issues/detail?id=468936 https://codereview.chromium.org/1016193003 htt • CWE-122: Heap-based Buffer Overflow CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 6%CPEs: 4EXPL: 0CVE-2015-1233 – chromium-browser: combination of V8, Gamepad and IPC bugs that can lead to remote code execution
https://notcve.org/view.php?id=CVE-2015-1233
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors. Google Chrome anterior a 41.0.2272.118 no maneja correctamente la interacción de IPC, la API Gamepad y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0778.html http://www.securityfocus.com/bid/73484 http://www.securitytracker.com/id/1032012 http://www.ubuntu.com/usn/USN-2556-1 https://code.google.com/p/chromium/issues/detail?id=469058 https://security.gentoo.org/glsa/201506-0 • CWE-17: DEPRECATED: Code CWE-122: Heap-based Buffer Overflow •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9689
https://notcve.org/view.php?id=CVE-2014-9689
content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that listens for ondeviceorientation events, a different vulnerability than CVE-2015-1231. content/renderer/device_sensors/device_orientation_event_pump.cc en Google Chrome anterior a 41.0.2272.76 no restringe correctamente el acceso a datos de giroscopio de alta velocidad, lo que facilita a atacantes remotos obtener señales de voz del ámbito físico de un dispositivo a través de un sitio web manipulado que escucha para eventos ondeviceorientation, una vulnerabilidad diferente a CVE-2015-1231. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html https://code.google.com/p/chromium/issues/detail?id=421691 https://code.google.com/p/chromium/issues/detail?id=463349 https://crypto.stanford.edu/gyrophone/files/gyromic.pdf https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/michalevsky • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-2238
https://notcve.org/view.php?id=CVE-2015-2238
Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 4.1.0.21, utilizado en Google Chrome anterior a 41.0.2272.76, permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://www.ubuntu.com/usn/USN-2521-1 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1232 – chromium-browser: Out-of-bounds write in media
https://notcve.org/view.php?id=CVE-2015-1232
Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212. Error en el indice del array en la función MidiManagerUsb::DispatchSendMidiData en media/midi/midi_manager_usb.cc en Google Chrome anterior a 41.0.2272.76 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento de acceso al renderizador para proporcionar un indice de puertos inválido que provoca una operación de escritura fuera de rango, una vulnerabilidad diferente a CVE-2015-1212. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html https://code.google.com/p/chromium/issues/detail?id=456516 https://codereview.chromium.org/907793002 https://security.gentoo.org/glsa/201503-12 https://access.redhat.com/security/cve/CVE-2015-1232 https://bugzilla.redhat.com/show_bug.cgi?id=1205142 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •