18 matches found
Chrome Universal XSS using exceptions thrown from Object.observe (CVE-2015-1304)
VULNERABILITY DETAILS From /v8/src/object-observe.js: function ObjectObserveobject, callback, acceptList ... var objectObserveFn = %GetObjectContextObjectObserveobject; return objectObserveFnobject, callback, acceptList; From /v8/src/runtime/runtime-observe.cc:...
Google Chrome < 45.0.2454.101 Multiple Vulnerabilities
Binary data 9015.pasl...
Security update for Chromium (important)
Chromium was updated to 45.0.2454.101 to fix two security issues. The following vulnerabilities were fixed: CVE-2015-1303: Cross-origin bypass in DOM boo947504 CVE-2015-1304: Cross-origin bypass in V8 boo947507...
[SECURITY] [DSA 3376-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3376-1 [email protected] https://www.debian.org/security/ Michael Gilbert October 20, 2015 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3376-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1303 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the DOM implementation. CVE-2015-1304 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the v8 javascript library...
SuSE Update for Chromium openSUSE-SU-2015:1719-1 (Chromium)
Check the version of Chromium SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.850693";...
CVE-2015-1304
CVE-2015-1304 concerns the Google Chrome/Chromium V8 JavaScript engine. The vulnerability allows bypassing the Same Origin Policy via (1) observe or (2) getNotifier calls on access-checked objects, enabling remote attackers to circumvent SOP. Affected component: V8 in Chrome prior to version 45.0...
[USN-2757-1] Oxide vulnerabilities
========================================================================== Ubuntu Security Notice USN-2757-1 October 05, 2015 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
Ubuntu: Security Advisory (USN-2757-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2757-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2757-1 advisory. Two security issues were discovered in Blink and V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially...
USN-2757-1: Oxide vulnerabilities
Two security issues were discovered in Blink and V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same-origin restrictions. CVE-2015-1303, CVE-2015-1304...
Google Chrome < 45.0.2454.101 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 45.0.2454.101. It is, therefore, affected by multiple vulnerabilities as referenced in the 201509stable-channel-update24 advisory. - object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does no...
RHEL 6 : chromium-browser (RHSA-2015:1841)
Updated chromium-browser packages that fix two security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Google Chrome < 45.0.2454.101 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 45.0.2454.101. It is, therefore, affected by multiple vulnerabilities as referenced in the 201509stable-channel-update24 advisory. - object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not...
Important: Red Hat Security Advisory: chromium-browser security update
Updated chromium-browser packages that fix two security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
chromium: cross-origin bypass
CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski...
FreeBSD : chromium -- multiple vulnerabilities (0e425bb7-64f2-11e5-b2fd-00262d5ed8ee)
Google Chrome Releases reports : Two vulnerabilities were fixed in this release : - 530301 High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - 531891 High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski. %NASLMINLEVEL 70300 C Tenable Network Security,...
Stable Channel Update
The stable channel has been updated to 45.0.2454.101 for Windows, Mac, and Linux. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. The following bugs from external security researchers were fixed in this...