CVE-2015-1228 – chromium-browser: Uninitialized value in rendering
https://notcve.org/view.php?id=CVE-2015-1228
The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence.
• http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
• http://rhn.redhat.com/errata/RHSA-2015-0627.html
• http://www.securityfocus.com/bid/72901
• http://www.ubuntu.com/usn/USN-2521-1
• https://code.google.com/p/chromium/issues/detail?id=444707
• https://security.gentoo.org/glsa/201503-12
• https://src.chromium.org/viewvc/blink?revision=188180&view=revision
• https://access.redhat.com/security/cve/CVE-2015-1228
• https://bugzilla.redhat.com/show_bug.cgi?id=1198535
• CWE-399: Resource Management Errors
• CWE-456: Missing Initialization of a Variable
CVE-2015-1214 – chromium-browser: Out-of-bounds write in skia filters
https://notcve.org/view.php?id=CVE-2015-1214
Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation.
• http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
• http://rhn.redhat.com/errata/RHSA-2015-0627.html
• http://www.securityfocus.com/bid/72901
• http://www.ubuntu.com/usn/USN-2521-1
• https://code.google.com/p/chromium/issues/detail?id=445810
• https://security.gentoo.org/glsa/201503-12
• https://skia.googlesource.com/skia/+/23d432080cb8506bf8e371b1637ce8f2de9c0c05
• https://access.redhat.com/security/cve/CVE-2015-1214
• https://bugzilla.redhat.com/show_bug.cgi?id=1198520
• CWE-190: Integer Overflow or Wraparound
• CWE-787: Out-of-bounds Write
CVE-2015-1229 – chromium-browser: Cookie injection in proxies
https://notcve.org/view.php?id=CVE-2015-1229
net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.
• http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
• http://rhn.redhat.com/errata/RHSA-2015-0627.html
• http://www.securityfocus.com/bid/72901
• http://www.ubuntu.com/usn/USN-2521-1
• https://code.google.com/p/chromium/issues/detail?id=431504
• https://codereview.chromium.org/769043003
• https://security.gentoo.org/glsa/201503-12
• https://access.redhat.com/security/cve/CVE-2015-1229
• https://bugzilla.redhat.com/show_bug.cgi?id=1198536
• CWE-19: Data Processing Errors
CVE-2015-1219 – chromium-browser: Integer overflow in webgl
https://notcve.org/view.php?id=CVE-2015-1219
Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering.
• http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
• http://rhn.redhat.com/errata/RHSA-2015-0627.html
• http://www.securityfocus.com/bid/72901
• http://www.ubuntu.com/usn/USN-2521-1
• https://code.google.com/p/chromium/issues/detail?id=446164
• https://security.gentoo.org/glsa/201503-12
• https://skia.googlesource.com/skia/+/2ff257bd95c732b9cebc3aac03fbed72d6e6082a
• https://access.redhat.com/security/cve/CVE-2015-1219
• https://bugzilla.redhat.com/show_bug.cgi?id=1198526
• CWE-189: Numeric Errors
• CWE-190: Integer Overflow or Wraparound
CVE-2015-1216 – chromium-browser: Use-after-free in v8 bindings
https://notcve.org/view.php?id=CVE-2015-1216
Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment.
• http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
• http://rhn.redhat.com/errata/RHSA-2015-0627.html
• http://www.securityfocus.com/bid/72901
• http://www.ubuntu.com/usn/USN-2521-1
• https://code.google.com/p/chromium/issues/detail?id=454954
• https://security.gentoo.org/glsa/201503-12
• https://src.chromium.org/viewvc/blink?revision=189574&view=revision
• https://access.redhat.com/security/cve/CVE-2015-1216
• https://bugzilla.redhat.com/show_bug.cgi?id=1198522
• CWE-416: Use After Free