FreeBSD : chromium -- multiple vulnerabilities (548f74bd-993c-11e5-956b-00262d5ed8ee)

Google Chrome Releases reports : 41 security fixes in this release, including : - 558589 Critical CVE-2015-6765: Use-after-free in AppCache. Credit to anonymous. - 551044 High CVE-2015-6766: Use-after-free in AppCache. Credit to anonymous. - 554908 High CVE-2015-6767: Use-after-free in AppCache...

Google Plans to End Chrome for 32-bit Linux, Releases Chrome 47

Google announced this week it will end Chrome support for older, 32-bit Linux distributions early next year and will maintain the browser on more popular distributions of the software. Specifically Google plans to stop pushing updates and security fixes to those running Chrome on 32-bit Linux,...

KLA10703 Multiple vulnerabilities in Google Chrome

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions or execute arbitrary code. Below is a complete list of vulnerabilities 1. Improper array elements...

openSUSE Security Update : chromium (openSUSE-2015-204)

chromium was updated to version 40.0.2214.111 to fix 31 vulnerabilities. These security issues were fixed : - CVE-2015-1209: Use-after-free in DOM bnc916841. - CVE-2015-1210: Cross-origin-bypass in V8 bindings bnc916843. - CVE-2015-1211: Privilege escalation using service workers bnc916838. -...

Security update for chromium (important)

chromium was updated to version 40.0.2214.111 to fix 31 vulnerabilities. These security issues were fixed: - CVE-2015-1209: Use-after-free in DOM bnc916841. - CVE-2015-1210: Cross-origin-bypass in V8 bindings bnc916843. - CVE-2015-1211: Privilege escalation using service workers bnc916838. -...

Google Chrome < 40.0.2214.91 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 40.0.2214.91. It is, therefore, affected by multiple vulnerabilities as referenced in the 201501stable-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause ...

Google Chrome SSL Certificate Validation Vulnerability

Google Chrome is a popular WEB browser. A certificate validation vulnerability exists in Google Chrome SSL that allows attackers to conduct AppCache caching of SSL sessions to spoof HTML5 application content...

Google Chrome < 40.0.2214.91 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 40.0.2214.91. It is, therefore, affected by multiple vulnerabilities as referenced in the 201501stable-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to caus...

CVE-2014-7948

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcacheupdatejob.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5...

Code injection

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcacheupdatejob.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5...

CVE-2014-7948

CVE-2014-7948 affects Google Chrome’s AppCache: the AppCacheUpdateJob::URLFetcher proceeds with caching for SSL sessions even when there is an X.509 certificate error, enabling MITM attackers to spoof HTML5 app content. Documented in multiple advisories (e.g., Ubuntu USN-2476-1, Red Hat RHSA-2015...

CVE-2014-7948

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcacheupdatejob.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5...

CVE-2014-7948

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcacheupdatejob.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5...

UBUNTU-CVE-2014-7948

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcacheupdatejob.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5...

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 62 security fixes in this release, including: 430353 High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning. 435880 High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne. 434136 High CVE-2014-7925: Use-after-free in WebAudio. Credit ...

The offline cookbook

Update: Together with Udacity I created a free offline-first interactive course. It involves taking an online-only site to full offline-first glory. Many of the patterns in this article are used. When AppCache arrived on the scene it gave us a couple of patterns to make content work offline. If...

Cross site scripting

Cross-site scripting XSS vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-3877

Technical details for CVE-2011-3877 are not publicly available in the provided connected documents. Monitor for updates from official advisories.