Lucene search

[email protected]CVE-2015-6774

HistoryDec 06, 2015 - 1:59 a.m.

CVE-2015-6774

2015-12-0601:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

google chrome

getloadtimes

vulnerability

extensions

implementation

remote attackers

denial of service

javascript code

nvd

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.2%

JSON

Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that modifies a pointer used for reporting loadTimes data.

CPENameOperatorVersion
google:chromegoogle chromele46.0.2490.86

CPE	Name	Operator	Version
google:chrome	google chrome	le	46.0.2490.86

References

googlechromereleases.blogspot.com/2015/12/stable-channel-update.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html

www.debian.org/security/2015/dsa-3415

www.securityfocus.com/bid/78416

www.securitytracker.com/id/1034298

code.google.com/p/chromium/issues/detail?id=549251

codereview.chromium.org/1422753007

security.gentoo.org/glsa/201603-09

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2015-6774

ubuntucve1 debiancve1 prion1 nessus8 openvas8 freebsd1 redhat1 archlinux1 threatpost1 debian2 osv1 mageia1 chrome1 suse2 gentoo1