logo
DATABASE RESOURCES PRICING ABOUT US

FreeBSD : chromium -- multiple vulnerabilities (a9d456b4-fe4c-11e4-ad15-00262d5ed8ee)

Description

Google Chrome Releases reports : 37 security fixes in this release, including : - [474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. - [464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. - [444927] High CVE-2015-1254: Cross-origin bypass in Editing. Credit to armin@rawsec.net. - [473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani. - [478549] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG. - [481015] High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP's Zero Day Initiative. - [468519] Medium CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz. - [450939] Medium CVE-2015-1258: Negative-size parameter in libvpx. Credit to cloudfuzzer - [468167] Medium CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG - [474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani. - [466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen. - [476647] Medium CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz. - [479162] Low CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy. - [481015] Low CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L. - [489518] CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21).


Related