Lucene search

K
freebsdFreeBSD548F74BD-993C-11E5-956B-00262D5ED8EE
HistoryDec 01, 2015 - 12:00 a.m.

chromium -- multiple vulnerabilities

2015-12-0100:00:00
vuxml.freebsd.org
19

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.033 Low

EPSS

Percentile

91.1%

Google Chrome Releases reports:

41 security fixes in this release, including:

[558589] Critical CVE-2015-6765: Use-after-free in AppCache.
Credit to anonymous.
[551044] High CVE-2015-6766: Use-after-free in AppCache.
Credit to anonymous.
[554908] High CVE-2015-6767: Use-after-free in AppCache.
Credit to anonymous.
[556724] High CVE-2015-6768: Cross-origin bypass in DOM.
Credit to Mariusz Mlynski.
[534923] High CVE-2015-6769: Cross-origin bypass in core.
Credit to Mariusz Mlynski.
[541206] High CVE-2015-6770: Cross-origin bypass in DOM.
Credit to Mariusz Mlynski.
[544991] High CVE-2015-6771: Out of bounds access in v8.
Credit to anonymous.
[546545] High CVE-2015-6772: Cross-origin bypass in DOM.
Credit to Mariusz Mlynski.
[554946] High CVE-2015-6764: Out of bounds access in v8.
Credit to Guang Gong of Qihoo 360 via pwn2own.
[491660] High CVE-2015-6773: Out of bounds access in Skia.
Credit to cloudfuzzer.
[549251] High CVE-2015-6774: Use-after-free in Extensions.
Credit to anonymous.
[529012] High CVE-2015-6775: Type confusion in PDFium.
Credit to Atte Kettunen of OUSPG.
[457480] High CVE-2015-6776: Out of bounds access in PDFium.
Credit to Hanno Böck.
[544020] High CVE-2015-6777: Use-after-free in DOM.
Credit to Long Liu of Qihoo 360Vulcan Team.
[514891] Medium CVE-2015-6778: Out of bounds access in PDFium.
Credit to Karl Skomski.
[528505] Medium CVE-2015-6779: Scheme bypass in PDFium.
Credit to Til Jasper Ullrich.
[490492] Medium CVE-2015-6780: Use-after-free in Infobars.
Credit to Khalil Zhani.
[497302] Medium CVE-2015-6781: Integer overflow in Sfntly.
Credit to miaubiz.
[536652] Medium CVE-2015-6782: Content spoofing in Omnibox.
Credit to Luan Herrera.
[537205] Medium CVE-2015-6783: Signature validation issue in
Android Crazy Linker. Credit to Michal Bednarski.
[503217] Low CVE-2015-6784: Escaping issue in saved pages.
Credit to Inti De Ceukelaire.
[534542] Low CVE-2015-6785: Wildcard matching issue in CSP.
Credit to Michael Ficarra / Shape Security.
[534570] Low CVE-2015-6786: Scheme bypass in CSP. Credit to
Michael Ficarra / Shape Security.
[563930] CVE-2015-6787: Various fixes from internal audits,
fuzzing and other initiatives.
Multiple vulnerabilities in V8 fixed at the tip of the 4.7
branch (currently 4.7.80.23).

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium< 47.0.2526.73UNKNOWN
FreeBSDanynoarchchromium-npapi< 47.0.2526.73UNKNOWN
FreeBSDanynoarchchromium-pulse< 47.0.2526.73UNKNOWN

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.033 Low

EPSS

Percentile

91.1%

Related for 548F74BD-993C-11E5-956B-00262D5ED8EE