Vulners
Lucene search
Google Chrome < 4.1.0.21 Multiple Vulnerabilities
| Reporter | Title | Published | Views | Family All 299 |
|---|---|---|---|---|
 | chromium -- multiple vulnerabilities | 3 Mar 201500:00 | – | freebsd |
| chromium -- multiple vulnerabilities | 5 Feb 201500:00 | – | freebsd |
 | chromium: multiple issues | 6 Feb 201500:00 | – | archlinux |
| chromium: multiple issues | 5 Mar 201500:00 | – | archlinux |
 | CVE-2015-1220 | 25 Mar 202411:49 | – | circl |
| CVE-2015-1224 | 25 Mar 202411:49 | – | circl |
 | Google Chrome for Android suffers from an unspecified vulnerability (CNVD-2015-00944) | 6 Feb 201500:00 | – | cnvd |
| Google Chrome CSS Token Sequence Denial of Service Vulnerability | 9 Mar 201500:00 | – | cnvd |
| Google Chrome Blink Denial of Service Vulnerability (CNVD-2015-01502) | 9 Mar 201500:00 | – | cnvd |
| Google Chrome cookie injection attack vulnerability | 9 Mar 201500:00 | – | cnvd |
10
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| crbug | www.crbug.com/456516 |
| crbug | www.crbug.com/448423 |
| crbug | www.crbug.com/445810 |
| crbug | www.crbug.com/445809 |
| crbug | www.crbug.com/454954 |
| crbug | www.crbug.com/456192 |
| crbug | www.crbug.com/456059 |
| crbug | www.crbug.com/446164 |
| crbug | www.crbug.com/437651 |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(275863);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/24");
script_cve_id(
"CVE-2015-1213",
"CVE-2015-1214",
"CVE-2015-1215",
"CVE-2015-1216",
"CVE-2015-1217",
"CVE-2015-1218",
"CVE-2015-1219",
"CVE-2015-1220",
"CVE-2015-1221",
"CVE-2015-1222",
"CVE-2015-1223",
"CVE-2015-1224",
"CVE-2015-1225",
"CVE-2015-1226",
"CVE-2015-1227",
"CVE-2015-1228",
"CVE-2015-1229",
"CVE-2015-1230",
"CVE-2015-1230",
"CVE-2015-1231",
"CVE-2015-1232"
);
script_xref(name:"IAVB", value:"2015-B-0029-S");
script_name(english:"Google Chrome < 4.1.0.21 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote Windows host is prior to 4.1.0.21. It is, therefore, affected by
multiple vulnerabilities as referenced in the 2015_03_stable-channel-update advisory.
- Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in
Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service
or possibly have unspecified other impact via vectors that trigger extraneous change events, as
demonstrated by events for invalid input or input to read-only fields, related to the
initializeTypeInParsing and updateType functions. (CVE-2015-1223)
- Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc
in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have
unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an
out-of-bounds write operation, a different vulnerability than CVE-2015-1212. (CVE-2015-1232)
- The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used
in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly
have unspecified other impact via vectors that trigger an out-of-bounds write operation. (CVE-2015-1213)
- Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters
implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a
denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a
large count value, leading to an out-of-bounds write operation. (CVE-2015-1214)
- The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers
to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-
bounds write operation. (CVE-2015-1215)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://chromereleases.googleblog.com/2015/03/stable-channel-update.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0ccbec15");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/456516");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/448423");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/445810");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/445809");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/454954");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/456192");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/456059");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/446164");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/437651");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/455368");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/448082");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/454231");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/449610");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/449958");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/446033");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/456841");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/450389");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/444707");
script_set_attribute(attribute:"see_also", value:"https://crbug.com/431504");
script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome version 4.1.0.21 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-1232");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2015-1223");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/03");
script_set_attribute(attribute:"patch_publication_date", value:"2015/03/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("google_chrome_installed.nasl");
script_require_keys("installed_sw/Google Chrome");
exit(0);
}
include('vdf.inc');
# @tvdl-content-verify-only
var vuln_data = {
"metadata": {
"spec_version": "1.0"
},
"requires": [
{
"scope": "target",
"match": {
"os": "windows"
}
}
],
"checks": [
{
"product": {
"name": "Google Chrome",
"type": "app"
},
"check_algorithm": "default",
"constraints": [
{
"fixed_version": "4.1.0.21"
}
]
}
]
};
var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Nov 2025 00:00Current
8.5High risk
Vulners AI Score8.5
CVSS 27.5
EPSS0.02584