Security update for Chromium (important)

Chromium was updated to 41.0.2272.118 to fix two security issues. The following vulnerabilities were fixed: A combination of V8, Gamepad and IPC bugs could lead to remote code execution outside of the sandbox CVE-2015-1233, boo925713 Buffer overflow via race condition in GPU CVE-2015-1234, boo925...

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2556-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2556-1 advisory. It was discovered that Chromium did not properly handle the interaction of IPC, the gamepad API and V8. If a user were tricked in to opening a specially...

Ubuntu: Security Advisory (USN-2556-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2556-1 oxide-qt vulnerabilities

It was discovered that Chromium did not properly handle the interaction of IPC, the gamepad API and V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the program...

How To Run Android Apps in Chrome Browser with Google ARC

Last year at Google I/O developer event, Google launched a limited beta "App Runtime for Chrome" ARC project, which now expanded to run millions of Android apps within Chrome browser. Google has released a new developer tool called App Runtime for Chrome ARC Welder that allows Android apps to run...

Google Chrome < 41.0.2272.118 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 41.0.2272.118. It is, therefore, affected by multiple vulnerabilities as referenced in the 201504stable-channel-update advisory. - Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the...

Google Chrome < 41.0.2272.118 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 41.0.2272.118. It is, therefore, affected by multiple vulnerabilities as referenced in the 201504stable-channel-update advisory. - Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the...

chromium: remote code execution

CVE-2015-1233 remote code execution: A combination of V8, Gamepad and IPC bugs can lead to remote code execution outside of the sandbox. - CVE-2015-1234 buffer overflow: Buffer overflow via a race condition in GPU...

Stable Channel Update

The stable channel has been updated to 41.0.2272.118 for Windows, Mac and Linux. A partial list of changes is available in the log. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain...

UBUNTU-CVE-2015-1234

Race condition in gpu/commandbuffer/service/gles2cmddecoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact by manipulating OpenGL ES commands...

CVE-2015-1360

Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and...

CVE-2015-1360

Removed by vendor...

Exploiting NVMAP to escape the Chrome sandbox - CVE-2014-5332

Posted by Lee Campbell, Graphics Pwning Unit This guest post continues Project Zero’s practice of promoting excellence in security research on the Project Zero blog Background: Chrome for Android implements a very different sandbox model to that of Chrome for Linux. One of the platform features w...

OpenGraphiti: Data Visualization Engine

OpenGraphiti is a free and open source 3D data visualization engine for data scientists to visualize semantic networks and to work with them. It offers an easy-to-use API with several associated libraries to create custom-made datasets. It leverages the power of GPUs to process and explore the da...

CVE-2014-8298

The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service segmentation fault...

CVE-2014-8298

The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service segmentation fault...

CVE-2014-8298

The CVE-2014-8298 issue affects NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40. The flaw enables a remote attacker to cause a...

CVE-2014-8298

The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra L4T driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service segmentation fault...

pwn4fun Spring 2014 - Safari - Part II

Posted by Ian Beer TL;DR An OS X GPU driver trusted a user-supplied kernel C++ object pointer and called a virtual function. The IOKit registry contained kernel pointers which were used defeat kASLR. A kernel ROP payload ran Calculator.app as root using a convenient kernel API. Overview of part I...

HashCat Introduction: Break That Hash

When the Bitcoin mining craze hit its peak, people felt the tug to join this new community and make some easy money. The Concepts behind Bitcoin mining intrigued me, in particular the new use of graphics processors GPUs. With a moderately expensive video card, you could bring in enough money to p...