CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.067 Low
Percentile: 93.1%

Use-after-free vulnerability in the SpeechRecognitionClient
implementation in the Speech subsystem allows remote attackers to
execute arbitrary code via a crafted document.

It has been discovered that common/partial_circular_buffer.cc does not
properly handle wraps, which allows remote attackers to bypass a sandbox
protection mechanism or cause a denial of service (out-of-bounds write)
via vectors that trigger a write operation with a large amount of data,
related to the PartialCircularBuffer::Write and
PartialCircularBuffer::DoWrite functions.

It has been discovered that core/html/parser/HTMLConstructionSite.cpp in
the DOM implementation in Blink allows remote attackers to bypass the
Same Origin Policy via crafted JavaScript code that appends a child to a
SCRIPT element, related to the insert and executeReparentTask functions.

It has been discovered that core/dom/Document.cpp in Blink enables the
inheritance of the designMode attribute, which allows remote attackers
to bypass the Same Origin Policy by leveraging the availability of editing.

Use-after-free vulnerability in
content/renderer/media/webaudio_capturer_source.cc in the WebAudio
implementation allows remote attackers to cause a denial of service
(heap memory corruption) or possibly have unspecified other impact by
leveraging improper handling of a stop action for an audio track.

Use-after-free vulnerability in the SVG implementation in Blink allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted document that leverages improper
handling of a shadow tree for a use element.

It has been discovered that platform/graphics/filters/FEColorMatrix.cpp
in the SVG implementation in Blink does not properly handle an
insufficient number of values in an feColorMatrix filter, which allows
remote attackers to cause a denial of service (container overflow) or
possibly have unspecified other impact via a crafted document.

Google Chrome before 43.0.2357.65 relies on libvpx code that was not
built with an appropriate --size-limit value, which allows remote
attackers to trigger a negative value for a size field, and consequently
cause a denial of service or possibly have unspecified other impact, via
a crafted frame size in VP9 video data.

PDFium does not properly initialize memory, which allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.

Multiple use-after-free vulnerabilities in
content/renderer/media/user_media_client_impl.cc in the WebRTC
implementation allow remote attackers to cause a denial of service or
possibly have unspecified other impact via crafted JavaScript code that
executes upon completion of a getUserMedia request.

The Spellcheck API implementation does not use an HTTPS session for
downloading a Hunspell dictionary, which allows man-in-the-middle
attackers to deliver incorrect spelling suggestions or possibly have
unspecified other impact via a crafted file.

Cross-site scripting (XSS) vulnerability allows user-assisted remote
attackers to inject arbitrary web script or HTML via crafted data that
is improperly handled by the Bookmarks feature.

Multiple unspecified vulnerabilities in Google Chrome before
43.0.2357.65 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.

googlechromereleases.blogspot.fr/2015/05/stable-channel-update_19.html
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1251
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1252
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1253
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1254
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1255
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1256
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1257
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1258
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1259
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1260
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1263
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1264
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1265