Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-3415-1:E369A
HistoryDec 10, 2015 - 2:01 a.m.

[SECURITY] [DSA 3415-1] chromium-browser security update

2015-12-1002:01:17
lists.debian.org
8

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.4%

JSON

Debian Security Advisory DSA-3415-1 [email protected]
https://www.debian.org/security/ Michael Gilbert
December 09, 2015 https://www.debian.org/security/faq

Package : chromium-browser
CVE ID : CVE-2015-1302 CVE-2015-6764 CVE-2015-6765 CVE-2015-6766
CVE-2015-6767 CVE-2015-6768 CVE-2015-6769 CVE-2015-6770
CVE-2015-6771 CVE-2015-6772 CVE-2015-6773 CVE-2015-6774
CVE-2015-6775 CVE-2015-6776 CVE-2015-6777 CVE-2015-6778
CVE-2015-6779 CVE-2015-6780 CVE-2015-6781 CVE-2015-6782
CVE-2015-6784 CVE-2015-6785 CVE-2015-6786

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2015-1302

Rub Wu discovered an information leak in the pdfium library.

CVE-2015-6764

Guang Gong discovered an out-of-bounds read issue in the v8
javascript library.

CVE-2015-6765

A use-after-free issue was discovered in AppCache.

CVE-2015-6766

A use-after-free issue was discovered in AppCache.

CVE-2015-6767

A use-after-free issue was discovered in AppCache.

CVE-2015-6768

Mariusz Mlynski discovered a way to bypass the Same Origin
Policy.

CVE-2015-6769

Mariusz Mlynski discovered a way to bypass the Same Origin
Policy.

CVE-2015-6770

Mariusz Mlynski discovered a way to bypass the Same Origin
Policy.

CVE-2015-6771

An out-of-bounds read issue was discovered in the v8
javascript library.

CVE-2015-6772

Mariusz Mlynski discovered a way to bypass the Same Origin
Policy.

CVE-2015-6773

cloudfuzzer discovered an out-of-bounds read issue in the
skia library.

CVE-2015-6774

A use-after-free issue was found in extensions binding.

CVE-2015-6775

Atte Kettunen discovered a type confusion issue in the pdfium
library.

CVE-2015-6776

Hanno Böck dicovered and out-of-bounds access issue in the
openjpeg library, which is used by pdfium.

CVE-2015-6777

Long Liu found a use-after-free issue.

CVE-2015-6778

Karl Skomski found an out-of-bounds read issue in the pdfium
library.

CVE-2015-6779

Til Jasper Ullrich discovered that the pdfium library does
not sanitize "chrome:" URLs.

CVE-2015-6780

Khalil Zhani discovered a use-after-free issue.

CVE-2015-6781

miaubiz discovered an integer overflow issue in the sfntly
library.

CVE-2015-6782

Luan Herrera discovered a URL spoofing issue.

CVE-2015-6784

Inti De Ceukelaire discovered a way to inject HTML into
serialized web pages.

CVE-2015-6785

Michael Ficarra discovered a way to bypass the Content
Security Policy.

CVE-2015-6786

Michael Ficarra discovered another way to bypass the Content
Security Policy.

For the stable distribution (jessie), these problems have been fixed in
version 47.0.2526.73-1~deb8u1.

For the testing distribution (stretch), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 47.0.2526.73-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8i386chromium-dbg< 47.0.2526.73-1~deb8u1chromium-dbg_47.0.2526.73-1~deb8u1_i386.deb
Debian8amd64chromium< 47.0.2526.73-1~deb8u1chromium_47.0.2526.73-1~deb8u1_amd64.deb
Debian8allchromium-browser< 47.0.2526.73-1~deb8u1chromium-browser_47.0.2526.73-1~deb8u1_all.deb
Debian8i386chromedriver< 47.0.2526.73-1~deb8u1chromedriver_47.0.2526.73-1~deb8u1_i386.deb
Debian8allchromium-inspector< 47.0.2526.73-1~deb8u1chromium-inspector_47.0.2526.73-1~deb8u1_all.deb
Debian8allchromium-l10n< 47.0.2526.73-1~deb8u1chromium-l10n_47.0.2526.73-1~deb8u1_all.deb
Debian8amd64chromedriver< 47.0.2526.73-1~deb8u1chromedriver_47.0.2526.73-1~deb8u1_amd64.deb
Debian8amd64chromium-dbg< 47.0.2526.73-1~deb8u1chromium-dbg_47.0.2526.73-1~deb8u1_amd64.deb
Debian8i386chromium< 47.0.2526.73-1~deb8u1chromium_47.0.2526.73-1~deb8u1_i386.deb

Related

openvas 13
osv 1
debian 1
nessus 19
archlinux 3
threatpost 1
redhat 1
mageia 2
chrome 2
freebsd 2
ubuntu 1
suse 2
debiancve 23
prion 23
ubuntucve 23
cve 23
seebug 4
gentoo 1
kaspersky 2
nodejsblog 3
myhack58 1
ibm 1
securityvulns 1
apple 2
openvas
openvas
Debian: Security Advisory (DSA-3415-1)
2015-12-08 00:00:00
Debian Security Advisory DSA 3415-1 (chromium-browser - security update)
2015-12-09 00:00:00
Mageia: Security Advisory (MGASA-2015-0467)
2015-12-10 00:00:00
osv
osv
chromium-browser - security update
2015-12-09 00:00:00
debian
debian
[SECURITY] [DSA 3415-1] chromium-browser security update
2015-12-10 02:01:17
nessus
nessus
Debian DSA-3415-1 : chromium-browser - security update
2015-12-10 00:00:00
RHEL 6 : chromium-browser (RHSA-2015:2545)
2015-12-04 00:00:00
Google Chrome < 47.0.2526.73 Multiple Vulnerabilities (Mac OS X)
2015-12-04 00:00:00
archlinux
archlinux
chromium: multiple issues
2015-12-02 00:00:00
chromium: information leakage
2015-11-13 00:00:00
nodejs: multiple issues
2015-12-05 00:00:00
threatpost
threatpost
Google Plans to End Chrome for 32-bit Linux, Releases Chrome 47
2015-12-02 11:18:45
redhat
redhat
(RHSA-2015:2545) Critical: chromium-browser security update
2015-12-03 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2015-12-09 13:53:03
Updated chromium-browser-stable packages fix security vulnerabilities
2015-11-17 00:36:58
chrome
chrome
Stable Channel Update
2015-12-01 00:00:00
Stable Channel Update
2015-11-10 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2015-12-01 00:00:00
chromium -- multiple vulnerabilities
2015-11-10 00:00:00
ubuntu
ubuntu
Oxide vulnerabilities
2015-12-10 00:00:00
suse
suse
Security update for Chromium (important)
2015-12-17 13:10:52
Security update for Chromium (important)
2015-12-17 13:11:20
debiancve
debiancve
CVE-2015-6770
2015-12-06 01:59:00
CVE-2015-6768
2015-12-06 01:59:00
CVE-2015-6784
2015-12-06 01:59:00
prion
prion
Design/Logic Flaw
2015-12-06 01:59:00
Design/Logic Flaw
2015-12-06 01:59:00
Design/Logic Flaw
2015-12-06 01:59:00
ubuntucve
ubuntucve
CVE-2015-6768
2015-12-05 00:00:00
CVE-2015-6770
2015-12-05 00:00:00
CVE-2015-6774
2015-12-06 00:00:00
cve
cve
CVE-2015-6770
2015-12-06 01:59:00
CVE-2015-6768
2015-12-06 01:59:00
CVE-2015-6774
2015-12-06 01:59:00
seebug
seebug
Chrome Universal XSS via persistence of subframes (CVE-2015-6768)
2017-04-24 00:00:00
Chrome Universal XSS using plugin objects (CVE-2015-6772)
2017-04-24 00:00:00
Chrome Universal XSS using document.adoptNode (CVE-2015-6770)
2017-04-24 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2016-03-12 00:00:00
kaspersky
kaspersky
KLA10703 Multiple vulnerabilities in Google Chrome
2015-12-01 00:00:00
KLA10691 Multiple vulnerabilities in Google Chrome
2015-11-10 00:00:00
nodejsblog
nodejsblog
CVE-2015-8027 Denial of Service Vulnerability / CVE-2015-6764 V8 Out-of-bounds Access Vulnerability
2015-11-25 00:00:00
December Security Release Schedule Update
2015-12-01 00:00:00
December Security Release Summary
2015-12-04 00:00:00
myhack58
myhack58
The butterfly effect and the program error---a slag-hole the use-vulnerability warning-the black bar safety net
2017-06-14 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in current releases of IBM® SDK for Node.js™
2018-08-09 04:20:36
securityvulns
securityvulns
Google Chrome / Oxide multiple security vulnerabilities
2015-09-14 00:00:00
apple
apple
About the security content of Xcode 8.1 - Apple Support
2017-01-23 05:36:06
About the security content of Xcode 8.1
2016-10-27 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.4%

JSON
Related for DEBIAN:DSA-3415-1:E369A
openvas13osv1debian1nessus19archlinux3threatpost1redhat1mageia2chrome2freebsd2ubuntu1suse2debiancve23prion23ubuntucve23cve23seebug4gentoo1kaspersky2nodejsblog3myhack581ibm1securityvulns1apple2