GoogleOSV:DSA-3415-1chromium-browser - security update
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.032 Low
EPSS
Percentile
89.8%
Several vulnerabilities have been discovered in the chromium web browser.
- CVE-2015-1302
Rub Wu discovered an information leak in the pdfium library. - CVE-2015-6764
Guang Gong discovered an out-of-bounds read issue in the v8
javascript library. - CVE-2015-6765
A use-after-free issue was discovered in AppCache. - CVE-2015-6766
A use-after-free issue was discovered in AppCache. - CVE-2015-6767
A use-after-free issue was discovered in AppCache. - CVE-2015-6768
Mariusz Mlynski discovered a way to bypass the Same Origin
Policy. - CVE-2015-6769
Mariusz Mlynski discovered a way to bypass the Same Origin
Policy. - CVE-2015-6770
Mariusz Mlynski discovered a way to bypass the Same Origin
Policy. - CVE-2015-6771
An out-of-bounds read issue was discovered in the v8
javascript library. - CVE-2015-6772
Mariusz Mlynski discovered a way to bypass the Same Origin
Policy. - CVE-2015-6773
cloudfuzzer discovered an out-of-bounds read issue in the
skia library. - CVE-2015-6774
A use-after-free issue was found in extensions binding. - CVE-2015-6775
Atte Kettunen discovered a type confusion issue in the pdfium
library. - CVE-2015-6776
Hanno BĂśck dicovered an out-of-bounds access issue in the
openjpeg library, which is used by pdfium. - CVE-2015-6777
Long Liu found a use-after-free issue. - CVE-2015-6778
Karl Skomski found an out-of-bounds read issue in the pdfium
library. - CVE-2015-6779
Til Jasper Ullrich discovered that the pdfium library does
not sanitize chrome: URLs. - CVE-2015-6780
Khalil Zhani discovered a use-after-free issue. - CVE-2015-6781
miaubiz discovered an integer overflow issue in the sfntly
library. - CVE-2015-6782
Luan Herrera discovered a URL spoofing issue. - CVE-2015-6784
Inti De Ceukelaire discovered a way to inject HTML into
serialized web pages. - CVE-2015-6785
Michael Ficarra discovered a way to bypass the Content
Security Policy. - CVE-2015-6786
Michael Ficarra discovered another way to bypass the Content
Security Policy.
For the stable distribution (jessie), these problems have been fixed in
version 47.0.2526.73-1~deb8u1.
For the testing distribution (stretch), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 47.0.2526.73-1.
We recommend that you upgrade your chromium-browser packages.
References
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.032 Low
EPSS
Percentile
89.8%