Arch LinuxASA-201509-1chromium: multiple issues
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
87.0%
- CVE-2015-1291, CVE-2015-1293:
Cross-origin bypass in DOM.
- CVE-2015-1292:
Cross-origin bypass in ServiceWorker.
- CVE-2015-1294:
Use-after-free in Skia.
- CVE-2015-1295:
Use-after-free in Printing.
- CVE-2015-1296:
Character spoofing in omnibox.
- CVE-2015-1297:
Permission scoping error in WebRequest.
- CVE-2015-1298:
URL validation error in extensions.
- CVE-2015-1299:
Use-after-free in Blink.
- CVE-2015-1300:
Information leak in Blink.
- CVE-2015-1301:
Various fixes from internal audits, fuzzing and other initiatives.
References
googlechromereleases.blogspot.fr/2015/09/stable-channel-update.html
access.redhat.com/security/cve/CVE-2015-1291
access.redhat.com/security/cve/CVE-2015-1292
access.redhat.com/security/cve/CVE-2015-1293
access.redhat.com/security/cve/CVE-2015-1294
access.redhat.com/security/cve/CVE-2015-1295
access.redhat.com/security/cve/CVE-2015-1296
access.redhat.com/security/cve/CVE-2015-1297
access.redhat.com/security/cve/CVE-2015-1298
access.redhat.com/security/cve/CVE-2015-1299
access.redhat.com/security/cve/CVE-2015-1300
access.redhat.com/security/cve/CVE-2015-1301
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
87.0%