[SECURITY] [DSA 3238-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3238-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 26, 2015 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 3238-1 (chromium-browser - security update)

Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. CVE-2015-1237 Khalil Zhani discovered a use-after-free iss...

DSA-3238-1 chromium-browser - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3238-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress 3.9-4.1.1 - Same-Origin Method Execution

...

Privacy killer: the Flash permissions reflection-vulnerability warning-the black bar safety net

0x00 Preface Always thought the risk has long been valued, but recently accidentally found, there are still many sites the presence of the defects, which are some of the commonly used email, social networking sites, so it is necessary then to explore it again. In fact, this is not what...

Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2015-02620)

Google Chrome is a web browsing tool developed by Google. A security vulnerability exists in the 'ContainerNode::parserRemoveChild' function in the core/dom/ContainerNode.cpp file in the Blink's HTML parser used in Google Chrome versions prior to 42.0.2311.90. ' function in the...

Google Chrome Blink Same Origin Policy Bypass Vulnerability

Google Chrome is a web browsing tool developed by Google. The Web Audio API implementation of Blink used in Google Chrome versions prior to 42.0.2311.90 has a security vulnerability in the modules/webaudio/MediaElementAudioSourceNode.cpp file in the ' MediaElementAudioSourceNode::process' functio...

CVE-2015-1236

The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a...

Design/Logic Flaw

The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a...

Design/Logic Flaw

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...

CVE-2015-1235

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...

CVE-2015-1235

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...

CVE-2015-1236

The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a...

CVE-2015-1236

The CVE-2015-1236 entry refers to a Chrome/Blink vulnerability in the Web Audio API: MediaElementAudioSourceNode::process in Blink’s Web Audio implementation allows a remote site with a media element to bypass Same Origin Policy and access sensitive audio samples. Impact data from the sources con...

CVE-2015-1236

Removed by vendor...

CVE-2015-1235

Removed by vendor...

CVE-2015-1235

CVE-2015-1235 affects the Blink HTML parser: ContainerNode::parserRemoveChild in core/dom/ContainerNode.cpp allows a Same Origin Policy bypass via a crafted HTML document with an IFRAME in Chrome before 42.0.2311.90. The vulnerability stems from the HTML parser logic in Blink, enabling cross-orig...

CVE-2015-1235

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...

CVE-2015-1236

The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a...