40 matches found
Google Chrome < M72 - FileWriterImpl Use-After-Free
There's a use-after-free in the implementation of the FileWriter component of the mojo bindings for the filesystem API. The browser-process side of this API is defined in https://cs.chromium.org/chromium/src/thirdparty/blink/public/mojom/filesystem/filewriter.mojom?type=cs&sq=package:chromium&g=0...
CVE-2015-1248
The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL...
CVE-2015-1248
The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL...
Design/Logic Flaw
The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL...
CVE-2015-1248
CVE-2015-1248 affects Google Chrome's FileSystem API prior to 40.0.2214.91, enabling a SafeBrowsing bypass by placing an .exe in a temporary filesystem and referencing it via a filesystem:http: URL. The issue is referenced in multiple advisories (Debian DSA-3238-1, Gentoo GLSA-201506-04, CNVD-201...
CVE-2015-1248
The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL...
CVE-2015-1248
Removed by vendor...
chromium: update to 36.0.1985.125 (important)
Chromium was updated to version 36.0.1985.125. New Functionality: Rich Notifications Improvements An Updated Incognito / Guest NTP design The addition of a Browser crash recovery bubble Chrome App Launcher for Linux Lots of under the hood changes for stability and performance Security Fixes...
openSUSE: Security Advisory for chromium (openSUSE-SU-2014:0982-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Google Chrome Multiple Vulnerabilities - 02 (Jun 2014) - Windows
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
[SECURITY] [DSA 2959-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2959-1 [email protected] http://www.debian.org/security/ Michael Gilbert June 14, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2959-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2014-3154 Collin Payne discovered a use-after-free issue in the filesystem API. CVE-2014-3155 James March, Daniel Sommermann, and Alan Frindell discovered several out-of-bounds read issues in the SPDY protocol...
CVE-2014-3154
Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/childthread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown...
Design/Logic Flaw
Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/childthread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown...
CVE-2014-3154
Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/childthread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown...
CVE-2014-3154
Chromium/Google Chrome before 35.0.1916.153 is affected by CVE-2014-3154, a use-after-free in the filesystem API (ChildThread::Shutdown) that can cause a denial of service or other impact. OpenSUSE and Debian advisories confirm the fix in version 35.0.1916.153 (or newer) and recommend upgrading c...
CVE-2014-3154
Removed by vendor...
CVE-2014-3154
Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/childthread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown...
UBUNTU-CVE-2014-3154
Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/childthread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 4 security fixes in this release, including: 369525 High CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne. 369539 High CVE-2014-3155: Out-if-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook. 369621...