CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 0CVE-2015-1225 – chromium-browser: Out-of-bounds read in pdfium
https://notcve.org/view.php?id=CVE-2015-1225
PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. PDFium, utilizado en Google Chrome anterior a 41.0.2272.76, permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-0627.html http://www.securityfocus.com/bid/72901 https://code.google.com/p/chromium/issues/detail?id=446033 https://security.gentoo.org/glsa/201503-12 https://access.redhat.com/security/cve/CVE-2015-1225 https://bugzilla.redhat.com/show_bug.cgi?id=1198532 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1220 – chromium-browser: Use-after-free in gif decoder
https://notcve.org/view.php?id=CVE-2015-1220
Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image. Vulnerabilidad de uso después de liberación en la función GIFImageReader::parseData en platform/image-decoders/gif/GIFImageReader.cpp en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un tamaño de trama manipulado en una imagen GIF. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-0627.html http://www.securityfocus.com/bid/72901 http://www.ubuntu.com/usn/USN-2521-1 https://code.google.com/p/chromium/issues/detail?id=437651 https://security.gentoo.org/glsa/201503-12 https://src.chromium.org/viewvc/blink?revision=188423&view=revision https://access.redhat.com/security/cve/CVE-2015-1220 https://bugzilla.redhat.com/show_bug.cgi?id=1198527 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2015-1211 – chromium-browser: privilege escalation in service workers
https://notcve.org/view.php?id=CVE-2015-1211
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI. La función OriginCanAccessServiceWorkers en content/browser/service_worker/service_worker_dispatcher_host.cc en Google Chrome anterior a 40.0.2214.111 en Windows, OS X, y Linux y anterior a 40.0.2214.109 en Android no restringe correctamente la esquema de la URI durante un registro Serviceworker, lo que permite a atacantes remotos ganar privilegios a través de una URI filesystem:. • http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0163.html http://secunia.com/advisories/62670 http://secunia.com/advisories/62818 http://secunia.com/advisories/62917 http://secunia.com/advisories/62925 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.secur •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2015-1212 – chromium-browser: various security fixes in Chrome 40.0.2214.111
https://notcve.org/view.php?id=CVE-2015-1212
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificados en Google Chrome before 40.0.2214.111 en Windows, OS X, y Linux y anterior a 40.0.2214.109 en Android permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0163.html http://secunia.com/advisories/62670 http://secunia.com/advisories/62818 http://secunia.com/advisories/62917 http://secunia.com/advisories/62925 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.secur •
CVSS: 6.8EPSS: 0%CPEs: 14EXPL: 0CVE-2015-1210 – chromium-browser: cross-origin-bypass in V8 bindings
https://notcve.org/view.php?id=CVE-2015-1210
The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. La función V8ThrowException::createDOMException en bindings/core/v8/V8ThrowException.cpp en las vinculaciones V8 en Blink, utilizado en Google Chrome anterior a 40.0.2214.111 en Windows, OS X, y Linux y anterior a 40.0.2214.109 en Android, no considera correctamente las restricciones de acceso a Frame durante el lanzamiento de una excepción, lo que permite a atacantes remotos evadir Same Origin Policy a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0163.html http://secunia.com/advisories/62670 http://secunia.com/advisories/62818 http://secunia.com/advisories/62917 http://secunia.com/advisories/62925 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.secur •