
chromium: multiple issues

Description

- CVE-2015-1251 (arbitrary code execution) Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem allows remote attackers to execute arbitrary code via a crafted document.
- CVE-2015-1252 (sandbox protection bypass) It has been discovered that common/partial_circular_buffer.cc does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions.
- CVE-2015-1253 (same origin policy bypass) It has been discovered that core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions.
- CVE-2015-1254 (same origin policy bypass) It has been discovered that core/dom/Document.cpp in Blink enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.
- CVE-2015-1255 (denial of service) Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track.
- CVE-2015-1256 (denial of service) Use-after-free vulnerability in the SVG implementation in Blink allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element.
- CVE-2015-1257 (denial of service) It has been discovered that platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document.
- CVE-2015-1258 (denial of service) Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.
- CVE-2015-1259 (denial of service) PDFium does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2015-1260 (denial of service) Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request.
- CVE-2015-1263 (man-in-the-middle) The Spellcheck API implementation does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.
- CVE-2015-1264 (cross-site scripting) Cross-site scripting (XSS) vulnerability allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature.
- CVE-2015-1265 (denial of service) Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.


Affected Package


| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| any | any | chromium | 43.0.2357.65-1 |
