logo
DATABASE RESOURCES PRICING ABOUT US

Debian DSA-3238-1 : chromium-browser - security update

Description

Several vulnerabilities were discovered in the chromium web browser. - CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. - CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. - CVE-2015-1237 Khalil Zhani discovered a use-after-free issue in IPC. - CVE-2015-1238 'cloudfuzzer' discovered an out-of-bounds write in the skia library. - CVE-2015-1240 'w3bd3vil' discovered an out-of-bounds read in the WebGL implementation. - CVE-2015-1241 Phillip Moon and Matt Weston discovered a way to trigger local user interface actions remotely via a crafted website. - CVE-2015-1242 A type confusion issue was discovered in the v8 JavaScript library. - CVE-2015-1244 Mike Ruddy discovered a way to bypass the HTTP Strict Transport Security policy. - CVE-2015-1245 Khalil Zhani discovered a use-after-free issue in the pdfium library. - CVE-2015-1246 Atte Kettunen discovered an out-of-bounds read issue in webkit/blink. - CVE-2015-1247 Jann Horn discovered that 'file:' URLs in OpenSearch documents were not sanitized, which could allow local files to be read remotely when using the OpenSearch feature from a crafted website. - CVE-2015-1248 Vittorio Gambaletta discovered a way to bypass the SafeBrowsing feature, which could allow the remote execution of a downloaded executable file. - CVE-2015-1249 The chrome 41 development team found various issues from internal fuzzing, audits, and other studies. - CVE-2015-3333 Multiple issues were discovered and fixed in v8 4.2.7.14. - CVE-2015-3334 It was discovered that remote websites could capture video data from attached web cameras without permission. - CVE-2015-3336 It was discovered that remote websites could cause user interface disruptions like window fullscreening and mouse pointer locking.


Related