Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-3238-1
HistoryApr 26, 2015 - 12:00 a.m.

chromium-browser - security update

2015-04-2600:00:00
Google
osv.dev
6

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

91.1%

JSON

Several vulnerabilities were discovered in the chromium web browser.

  • CVE-2015-1235
    A Same Origin Policy bypass issue was discovered in the HTML
    parser.
  • CVE-2015-1236
    Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio
    API.
  • CVE-2015-1237
    Khalil Zhani discovered a use-after-free issue in IPC.
  • CVE-2015-1238
    cloudfuzzer discovered an out-of-bounds write in the skia
    library.
  • CVE-2015-1240
    w3bd3vil discovered an out-of-bounds read in the WebGL
    implementation.
  • CVE-2015-1241
    Phillip Moon and Matt Weston discovered a way to trigger local user
    interface actions remotely via a crafted website.
  • CVE-2015-1242
    A type confusion issue was discovered in the v8 javascript
    library.
  • CVE-2015-1244
    Mike Ruddy discovered a way to bypass the HTTP Strict Transport Security
    policy.
  • CVE-2015-1245
    Khalil Zhani discovered a use-after-free issue in the pdfium
    library.
  • CVE-2015-1246
    Atte Kettunen discovered an out-of-bounds read issue in
    webkit/blink.
  • CVE-2015-1247
    Jann Horn discovered that file: URLs in OpenSearch documents were not
    sanitized, which could allow local files to be read remotely when using
    the OpenSearch feature from a crafted website.
  • CVE-2015-1248
    Vittorio Gambaletta discovered a way to bypass the SafeBrowsing feature,
    which could allow the remote execution of a downloaded executable
    file.
  • CVE-2015-1249
    The chrome 41 development team found various issues from internal
    fuzzing, audits, and other studies.
  • CVE-2015-3333
    Multiple issues were discovered and fixed in v8 4.2.7.14.
  • CVE-2015-3334
    It was discovered that remote websites could capture video data from
    attached web cameras without permission.
  • CVE-2015-3336
    It was discovered that remote websites could cause user interface
    disruptions like window fullscreening and mouse pointer locking.

For the stable distribution (jessie), these problems have been fixed in
version 42.0.2311.90-1~deb8u1.

For the testing (stretch) and unstable (sid) distributions, these problems
have been fixed in version 42.0.2311.90-1.

We recommend that you upgrade your chromium-browser packages.

CPENameOperatorVersion
chromium-browsereq41.0.2272.118-1

Related

nessus 9
debian 2
securityvulns 3
openvas 14
mageia 1
archlinux 1
freebsd 1
chrome 1
kaspersky 1
redhat 1
threatpost 1
thn 1
ubuntu 1
gentoo 1
prion 16
debiancve 16
cve 16
ubuntucve 16
nessus
nessus
Debian DSA-3238-1 : chromium-browser - security update
2015-04-29 00:00:00
openSUSE Security Update : Chromium (openSUSE-2015-320)
2015-04-23 00:00:00
Google Chrome < 42.0.2311.90 Multiple Vulnerabilities (Mac OS X)
2015-04-16 00:00:00
debian
debian
[SECURITY] [DSA 3238-1] chromium-browser security update
2015-04-27 02:41:29
[SECURITY] [DSA 3238-1] chromium-browser security update
2015-04-27 02:41:29
securityvulns
securityvulns
[SECURITY] [DSA 3238-1] chromium-browser security update
2015-05-05 00:00:00
Google Chrome / Chromium multiple security vulnerabilities
2015-05-25 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-03-23 00:00:00
openvas
openvas
Debian Security Advisory DSA 3238-1 (chromium-browser - security update)
2015-04-26 00:00:00
Debian: Security Advisory (DSA-3238-1)
2015-04-25 00:00:00
Mageia: Security Advisory (MGASA-2015-0164)
2022-01-28 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2015-04-24 00:14:25
archlinux
archlinux
chromium: multiple issues
2015-04-18 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2015-04-14 00:00:00
chrome
chrome
Stable Channel Update
2015-04-14 00:00:00
kaspersky
kaspersky
KLA10546 Multiple vulnerabilities in Google Chrome
2015-04-14 00:00:00
redhat
redhat
(RHSA-2015:0816) Important: chromium-browser security update
2015-04-16 00:00:00
threatpost
threatpost
Google Fixes Dozens of Bugs in Chrome 42
2015-04-14 14:44:57
thn
thn
Google Launches Chrome 42 with Push Notifications
2015-04-15 01:31:00
ubuntu
ubuntu
Oxide vulnerabilities
2015-04-27 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2015-06-23 00:00:00
prion
prion
Design/Logic Flaw
2015-04-19 10:59:00
Design/Logic Flaw
2015-04-19 10:59:00
Design/Logic Flaw
2015-04-19 10:59:00
debiancve
debiancve
CVE-2015-3336
2015-04-19 10:59:00
CVE-2015-3333
2015-04-19 10:59:00
CVE-2015-3334
2015-04-19 10:59:00
cve
cve
CVE-2015-3336
2015-04-19 10:59:00
CVE-2015-3334
2015-04-19 10:59:00
CVE-2015-1244
2015-04-19 10:59:00
ubuntucve
ubuntucve
CVE-2015-3336
2015-04-19 00:00:00
CVE-2015-1248
2015-04-19 00:00:00
CVE-2015-3334
2015-04-19 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

91.1%

JSON
Related for OSV:DSA-3238-1
nessus9debian2securityvulns3openvas14mageia1archlinux1freebsd1chrome1kaspersky1redhat1threatpost1thn1ubuntu1gentoo1prion16debiancve16cve16ubuntucve16