12 matches found
Chrome Universal XSS via ContainerNode::parserInsertBefore (CVE-2015-6755)
VULNERABILITY DETAILS From /WebKit/Source/core/dom/ContainerNode.cpp: void ContainerNode::parserInsertBeforePassRefPtrWillBeRawPtr newChild, Node& nextChild ... while RefPtrWillBeRawPtr parent = newChild-parentNode parent-parserRemoveChildnewChild; if document != newChild-document document...
openSUSE Security Update : Chromium (openSUSE-2015-679)
Chromium was update do the stable release 46.0.2490.71 to fix security issues. The following vulnerabilities were fixed : - CVE-2015-6755: Cross-origin bypass in Blink - CVE-2015-6756: Use-after-free in PDFium - CVE-2015-6757: Use-after-free in ServiceWorker - CVE-2015-6758: Bad-cast in PDFium -...
Ubuntu: Security Advisory (USN-2770-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 3376-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3376-1 [email protected] https://www.debian.org/security/ Michael Gilbert October 20, 2015 https://www.debian.org/security/faq -...
Ubuntu: Security Advisory (USN-2770-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 3376-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1303 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the DOM implementation. CVE-2015-1304 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the v8 javascript library...
Important: Red Hat Security Advisory: chromium-browser security update
Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severit...
CVE-2015-6755
CVE-2015-6755 affects Blink (ContainerNode::parserInsertBefore in core/dom/ContainerNode.cpp) used by Google Chrome prior to 46.0.2490.71. The issue allows bypassing the Same Origin Policy via crafted JavaScript that triggers a DOM tree insertion even when a parent node no longer contains a child...
CVE-2015-6755
Removed by vendor...
CVE-2015-6755
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin...
FreeBSD : chromium -- multiple vulnerabilities (8301c04d-71df-11e5-9fcb-00262d5ed8ee)
Google Chrome Releases reports : 24 security fixes in this release, including : - 519558 High CVE-2015-6755: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - 507316 High CVE-2015-6756: Use-after-free in PDFium. Credit to anonymous. - 529520 High CVE-2015-6757: Use-after-free in...
Stable Channel Update
The Chrome team is delighted to announce the promotion of Chrome 46 to the stable channel for Windows, Mac and Linux. Chrome 46.0.2490.71 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new...