chromium -- multiple vulnerabilities

2015-04-14T00:00:00
ID B57F690E-ECC9-11E4-876C-00262D5ED8EE
Type freebsd
Reporter FreeBSD
Modified 2015-04-14T00:00:00

Description

Google Chrome Releases reports:

45 new security fixes, including:

[456518] High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous. [313939] Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo. [461191] High CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani. [445808] High CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer. [463599] Medium CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil. [418402] Medium CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston of Sandfield Information Systems. [460917] High CVE-2015-1242: Type confusion in V8. Credit to fcole@onshape.com. [455215] Medium CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy. [444957] Medium CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani. [437399] Medium CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen of OUSPG. [429838] Medium CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn. [380663] Medium CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta (VittGam). [476786] CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives. Multiple vulnerabilities in V8 fixed at the tip of the 4.2 branch (currently 4.2.77.14).