CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2015-1231 – chromium-browser: Various fixes from internal audits, fuzzing and other initiatives.
https://notcve.org/view.php?id=CVE-2015-1231
Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 41.0.2272.76 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-0627.html http://www.ubuntu.com/usn/USN-2521-1 https://code.google.com/p/chromium/issues/detail?id=383777 https://code.google.com/p/chromium/issues/detail?id=404300 https://code.google.com/p/chromium/issues/detail?id=406871 https://code.google.com/p/chromium/issues/detail?id=421499 https://code.google.com/p/chromium/issues/detail? •
CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 0CVE-2015-1224 – chromium-browser: Out-of-bounds read in vpxdecoder
https://notcve.org/view.php?id=CVE-2015-1224
The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted VPx video data. La función VpxVideoDecoder::VpxDecode en media/filters/vpx_video_decoder.cc en la implementación vpxdecoder en Google Chrome anterior a 41.0.2272.76 no asegura que las dimensiones alpha-plane sean idénticas a las dimensiones de imágenes, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de datos de vídeo VPx manipulados. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-0627.html http://www.securityfocus.com/bid/72901 http://www.ubuntu.com/usn/USN-2521-1 https://code.google.com/p/chromium/issues/detail?id=449958 https://codereview.chromium.org/858303002 https://security.gentoo.org/glsa/201503-12 https://access.redhat.com/security/cve/CVE-2015-1224 https://bugzilla.redhat.com/show_bug.cgi?id=1198531 • CWE-17: DEPRECATED: Code CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1213 – chromium-browser: Out-of-bounds write in skia filters
https://notcve.org/view.php?id=CVE-2015-1213
The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation. La función SkBitmap::ReadRawPixels en core/SkBitmap.cpp en la implementación de filtrado en Skia, utilizado en Google Chrome anterior a 41.0.2272.76, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que provocan una operación de escritura fuera de rango. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-0627.html http://www.securityfocus.com/bid/72901 http://www.ubuntu.com/usn/USN-2521-1 https://code.google.com/p/chromium/issues/detail?id=448423 https://security.gentoo.org/glsa/201503-12 https://skia.googlesource.com/skia/+/6af314724f51ad79a640844536c667bb83de5690 https://access.redhat.com/security/cve/CVE-2015-1213 https://bugzilla.redhat.com/show_bug.cgi?id=1198519 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1216 – chromium-browser: Use-after-free in v8 bindings
https://notcve.org/view.php?id=CVE-2015-1216
Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment. Vulnerabilidad de uso después de liberación en la función V8Window::namedPropertyGetterCustom en bindings/core/v8/custom/V8WindowCustom.cpp en los enlaces V8 en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que provocan un desprendimiento de trama. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-0627.html http://www.securityfocus.com/bid/72901 http://www.ubuntu.com/usn/USN-2521-1 https://code.google.com/p/chromium/issues/detail?id=454954 https://security.gentoo.org/glsa/201503-12 https://src.chromium.org/viewvc/blink?revision=189574&view=revision https://access.redhat.com/security/cve/CVE-2015-1216 https://bugzilla.redhat.com/show_bug.cgi?id=1198522 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1219 – chromium-browser: Integer overflow in webgl
https://notcve.org/view.php?id=CVE-2015-1219
Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering. Desbordamiento de enteros en la función SkMallocPixelRef::NewAllocate en core/SkMallocPixelRef.cpp en Skia, utilizado en Google Chrome anterior a 41.0.2272.76, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que provocan un un intento de reserva de una gran cantidad de memoria durante la renderización de WebGL. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-0627.html http://www.securityfocus.com/bid/72901 http://www.ubuntu.com/usn/USN-2521-1 https://code.google.com/p/chromium/issues/detail?id=446164 https://security.gentoo.org/glsa/201503-12 https://skia.googlesource.com/skia/+/2ff257bd95c732b9cebc3aac03fbed72d6e6082a https://access.redhat.com/security/cve/CVE-2015-1219 https://bugzilla.redhat.com/show_bug.cgi?id=1198526 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •