Coinbase: OAUTH pemission set as true= lead to authorize malicious application

OAuth authorize button in the Coinbase Android App did not have the android:filterTouchesWhenObscured attribute set to true, which may have made it vulnerable to tap-jacking. Reported UI Redressing Clickjacking For Mobile application of Coinbase , attack scenario is same as...

Google Chrome < 42.0.2311.90 Multiple Vulnerabilities

Binary data 8778.pasl...

FreeBSD : chromium -- multiple vulnerabilities (b57f690e-ecc9-11e4-876c-00262d5ed8ee)

Google Chrome Releases reports : 45 new security fixes, including : - 456518 High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous. - 313939 Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo. - 461191 High CVE-2015-1237: Use-after-free in IPC. Credit ...

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2570-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2570-1 advisory. An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially...

USN-2570-1 oxide-qt vulnerabilities

An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2015-1235 An issue was discovered in the Web Audio API implementation in Blink. If a user were...

USN-2570-1: Oxide vulnerabilities

An issue was discovered in the HTML parser in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2015-1235 An issue was discovered in the Web Audio API implementation in Blink. If a user were...

MGASA-2015-0164 Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 42.0.2311.90 fixes several security issues, among others a cross-origin-bypass in HTML parser CVE-2015-1235, a cross-origin-bypass in Blink CVE-2015-1236, a use-after-free in IPC CVE-2015-1237, an out-of-bounds write in Skia CVE-2015-1238, an out-of-bounds read in WebGL...

Updated chromium-browser-stable packages fix security vulnerabilities

Chromium-browser 42.0.2311.90 fixes several security issues, among others a cross-origin-bypass in HTML parser CVE-2015-1235, a cross-origin-bypass in Blink CVE-2015-1236, a use-after-free in IPC CVE-2015-1237, an out-of-bounds write in Skia CVE-2015-1238, an out-of-bounds read in WebGL...

Google Chrome Multiple Vulnerabilities-02 (Apr 2015) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

Google Chrome Multiple Vulnerabilities-02 (Apr 2015) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

chromium: multiple issues

CVE-2015-1235 cross-origin bypass A vulnerability was discovered that allows cross-origin-bypass in the HTML parser. - CVE-2015-1236 cross-origin bypass A vulnerability was discovered that allows cross-origin-bypass in the rendering engine Blink. - CVE-2015-1237 arbitrary code execution An...

chromium-browser: tap-jacking vulnerability

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack...

Google Chrome < 42.0.2311.90 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 201504stable-channel-update14 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers...

Google Chrome < 42.0.2311.90 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities as referenced in the 201504stable-channel-update14 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attacke...

Faceless: Tap Jacking Attack on Button Tags

UI Redressing Tap jacking attack may trick users into tapping a specifically crafted malicious App popup window e.g. toast view, making it a gateway for varied threats such as framing attack. Using this technique, a malicious App could potentially trick a user into making purchases, clicking on...