openSUSE Security Update : chromium (openSUSE-2015-204)

chromium was updated to version 40.0.2214.111 to fix 31 vulnerabilities. These security issues were fixed : - CVE-2015-1209: Use-after-free in DOM bnc916841. - CVE-2015-1210: Cross-origin-bypass in V8 bindings bnc916843. - CVE-2015-1211: Privilege escalation using service workers bnc916838. -...

Security update for chromium (important)

chromium was updated to version 40.0.2214.111 to fix 31 vulnerabilities. These security issues were fixed: - CVE-2015-1209: Use-after-free in DOM bnc916841. - CVE-2015-1210: Cross-origin-bypass in V8 bindings bnc916843. - CVE-2015-1211: Privilege escalation using service workers bnc916838. -...

Google Chrome < 40.0.2214.91 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 40.0.2214.91. It is, therefore, affected by multiple vulnerabilities as referenced in the 201501stable-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause ...

Google Chrome SSL Certificate Validation Vulnerability

Google Chrome is a popular WEB browser. A certificate validation vulnerability exists in Google Chrome SSL that allows attackers to conduct AppCache caching of SSL sessions to spoof HTML5 application content...

Google Chrome < 40.0.2214.91 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 40.0.2214.91. It is, therefore, affected by multiple vulnerabilities as referenced in the 201501stable-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to caus...

CVE-2014-7948

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcacheupdatejob.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5...

Code injection

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcacheupdatejob.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5...

CVE-2014-7948

CVE-2014-7948 affects Google Chrome’s AppCache: the AppCacheUpdateJob::URLFetcher proceeds with caching for SSL sessions even when there is an X.509 certificate error, enabling MITM attackers to spoof HTML5 app content. Documented in multiple advisories (e.g., Ubuntu USN-2476-1, Red Hat RHSA-2015...

CVE-2014-7948

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcacheupdatejob.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5...

CVE-2014-7948

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcacheupdatejob.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5...

UBUNTU-CVE-2014-7948

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcacheupdatejob.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 62 security fixes in this release, including: 430353 High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning. 435880 High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne. 434136 High CVE-2014-7925: Use-after-free in WebAudio. Credit ...

The offline cookbook

Update: Together with Udacity I created a free offline-first interactive course. It involves taking an online-only site to full offline-first glory. Many of the patterns in this article are used. When AppCache arrived on the scene it gave us a couple of patterns to make content work offline. If...

Cross site scripting

Cross-site scripting XSS vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-3877

Technical details for CVE-2011-3877 are not publicly available in the provided connected documents. Monitor for updates from official advisories.