Page 470 of 3368 results (0.013 seconds)

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab. Vulnerabilidad de uso después de liberación en browser/speech/tts_message_filter.cc en la implementación Speech en Google Chrome anterior a 40.0.2214.91 permite a atacantes remotos causar una denagación de servicio o la posibilidad de tener otro impacto sin especificar a través de vectores de voz de una pestaña cerrada. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 https://code.google.com/p/chromium/issues/detail?id=402957 https://codereview.chromium.org • CWE-416: Use After Free •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5 application content via a crafted certificate. La función AppCacheUpdateJob::URLFetcher::OnResponseStarted en content/browser/appcache/appcache_update_job.cc en Google Chrome anterior a 40.0.2214.91 procede con la cache AppCache para sesiones SSL incluso si hay un error de certificado X.509, lo que permite ataques man-in-the-middle suplantar el contenido de una aplicación HTML5 a través de un certificado modificado. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 http://www.ubuntu.com/usn/USN-2476-1 https:/& • CWE-310: Cryptographic Issues •

CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 0

The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. La función sycc422_to_rgb en fxcodec/codec/fx_codec_jpx_opj.cpp en PDFium, utilizado en Google Chrome anterior a 40.0.2214.91, no maneja correctamente los valores impares de la anchura de imágenes, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de un documento PDF manipulado. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 https://code.google.com/p/chromium/issues/detail?id=418881 https://pdfium.googlesource.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0

Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/browser/indexed_db/indexed_db_callbacks.cc and content/browser/indexed_db/indexed_db_dispatcher_host.cc. Vulnerabilidad de uso después de liberación en la implementación IndexedDB en Google Chrome anterior a 40.0.2214.91 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante la provocación de referencias BLOB duplicadas, relacionado con content/browser/indexed_db/indexed_db_callbacks.cc y content/browser/indexed_db/indexed_db_dispatcher_host.cc. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 http://www.ubuntu.com/usn/USN-2476-1 https:/& • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 40.0.2214.91 permite a atacantes causar una denegación de servicio o la posibilidad de tener otro impacto a través de vectores desconocidos • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http:/ •