android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in
Google Chrome before 43.0.2357.65 on Android does not properly restrict use
of a URL's fragment identifier during construction of a page-info popup,
which allows remote attackers to spoof the URL bar or deliver misleading
popup content via crafted text.
{"debiancve": [{"lastseen": "2021-12-14T17:47:14", "description": "android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "debiancve", "title": "CVE-2015-1261", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1261"], "modified": "2015-05-20T10:59:00", "id": "DEBIANCVE:CVE-2015-1261", "href": "https://security-tracker.debian.org/tracker/CVE-2015-1261", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T11:53:36", "description": "android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text.", "cvss3": {}, "published": "2015-05-20T10:59:00", "type": "cve", "title": "CVE-2015-1261", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1261"], "modified": "2017-01-03T02:59:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:google:chrome:42.0.2311.107"], "id": "CVE-2015-1261", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1261", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google:chrome:42.0.2311.107:*:*:*:*:android:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}], "threatpost": [{"lastseen": "2018-10-06T22:56:51", "description": "Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox.\n\nThat vulnerability is one of 37 bugs fixed in version 43 of Chrome. Six of those flaws are rated as high risks and Google paid out more than $38,000 in rewards to researchers who reported vulnerabilities to the company. Among the other serious vulnerabilities are cross-origin bypasses and three use-after-free vulnerabilities.\n\nGoogle has not yet released the details of the vulnerabilities, so the nature and location of the sandbox-escape bug aren\u2019t clear. The company waits until most users have updated to the new version before releasing complete details of the vulnerabilities.\n\nHere are the public bugs fixed in Chrome 43:\n\n[$16337][[474029](<https://code.google.com/p/chromium/issues/detail?id=474029>)] High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.\n\n[$7500][[464552](<https://code.google.com/p/chromium/issues/detail?id=464552>)] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.\n\n[$3000][[444927](<https://code.google.com/p/chromium/issues/detail?id=444927>)] High CVE-2015-1254: Cross-origin bypass in Editing. Credit to armin@rawsec.net.\n\n[$3000][[473253](<https://code.google.com/p/chromium/issues/detail?id=473253>)] High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.\n\n[$2000][[478549](<https://code.google.com/p/chromium/issues/detail?id=478549>)] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.\n\n[[481015](<https://code.google.com/p/chromium/issues/detail?id=481015>)] High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP\u2019s Zero Day Initiative \n\n[$1500][[468519](<https://code.google.com/p/chromium/issues/detail?id=468519>)] Medium CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.\n\n[$1000][[450939](<https://code.google.com/p/chromium/issues/detail?id=450939>)] Medium CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer\n\n[$1000][[468167](<https://code.google.com/p/chromium/issues/detail?id=468167>)] Medium CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG\n\n[$1000][[474370](<https://code.google.com/p/chromium/issues/detail?id=474370>)] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.\n\n[$500][[466351](<https://code.google.com/p/chromium/issues/detail?id=466351>)] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.\n\n[$500][[476647](<https://code.google.com/p/chromium/issues/detail?id=476647>)] Medium CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.\n\n[$500][[479162](<https://code.google.com/p/chromium/issues/detail?id=479162>)] Low CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy.\n\n[$500][[481015](<https://code.google.com/p/chromium/issues/detail?id=481015>)] Low CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.\n", "cvss3": {}, "published": "2015-05-19T13:19:05", "type": "threatpost", "title": "Google Fixes Sandbox Escape in Chrome", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264"], "modified": "2015-05-19T17:19:05", "id": "THREATPOST:45D2D399F79C59D30CB09CDC7A87747D", "href": "https://threatpost.com/google-fixes-sandbox-escape-in-chrome/112899/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:59", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3267-1 security@debian.org\r\nhttp://www.debian.org/security/ Michael Gilbert\r\nMay 22, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : chromium-browser\r\nCVE ID : CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254\r\n CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258\r\n CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262\r\n CVE-2015-1263 CVE-2015-1264 CVE-2015-1265\r\n\r\nSeveral vulnerabilities were discovered in the chromium web browser.\r\n\r\nCVE-2015-1251\r\n\r\n SkyLined discovered a use-after-free issue in speech recognition.\r\n\r\nCVE-2015-1252\r\n\r\n An out-of-bounds write issue was discovered that could be used to\r\n escape from the sandbox.\r\n\r\nCVE-2015-1253\r\n\r\n A cross-origin bypass issue was discovered in the DOM parser.\r\n\r\nCVE-2015-1254\r\n\r\n A cross-origin bypass issue was discovered in the DOM editing feature.\r\n\r\nCVE-2015-1255\r\n\r\n Khalil Zhani discovered a use-after-free issue in WebAudio.\r\n\r\nCVE-2015-1256\r\n\r\n Atte Kettunen discovered a use-after-free issue in the SVG\r\n implementation.\r\n\r\nCVE-2015-1257\r\n\r\n miaubiz discovered an overflow issue in the SVG implementation.\r\n\r\nCVE-2015-1258\r\n\r\n cloudfuzzer discovered an invalid size parameter used in the\r\n libvpx library.\r\n\r\nCVE-2015-1259\r\n\r\n Atte Kettunen discovered an uninitialized memory issue in the\r\n pdfium library.\r\n\r\nCVE-2015-1260\r\n\r\n Khalil Zhani discovered multiple use-after-free issues in chromium's\r\n interface to the WebRTC library.\r\n\r\nCVE-2015-1261\r\n\r\n Juho Nurminen discovered a URL bar spoofing issue.\r\n\r\nCVE-2015-1262\r\n\r\n miaubiz discovered the use of an uninitialized class member in\r\n font handling.\r\n\r\nCVE-2015-1263\r\n\r\n Mike Ruddy discovered that downloading the spellcheck dictionary\r\n was not done over HTTPS.\r\n\r\nCVE-2015-1264\r\n\r\n K0r3Ph1L discovered a cross-site scripting issue that could be\r\n triggered by bookmarking a site.\r\n\r\nCVE-2015-1265\r\n\r\n The chrome 43 development team found and fixed various issues\r\n during internal auditing. Also multiple issues were fixed in\r\n the libv8 library, version 4.3.61.21.\r\n\r\nFor the stable distribution (jessie), these problems have been fixed in\r\nversion 43.0.2357.65-1~deb8u1.\r\n\r\nFor the testing distribution (stretch), these problems will be fixed soon.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 43.0.2357.65-1.\r\n\r\nWe recommend that you upgrade your chromium-browser packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQQcBAEBCgAGBQJVXrgRAAoJELjWss0C1vRzS5Mf/iSPN/47Wt02hBpAGEMEjirv\r\n4Ee3gJ/Sb/z8EtE7GsZOxci1AsJQYZusm5T6rcwl3Bu3Rnsjj7swZg7cMJBb73+L\r\nhfwl8xY47cjudXFc/V2wJWghjBozIrsaINSVgpEA6AiGl/5S4f941Hgz/Nik8sfg\r\n0r9hH2jU5o3BfYKViAZhjkOjxmXTlO9zPeFD4bA/FCo0YNyN9dIIJYbeBdvG+z5H\r\npOCs3L6QnDyVqu/Zcpi7BtqilDvseV9QGagqg0WpbYimnqvjeeWQAlsKE9+NhwDY\r\nDQ+NufPSPpL3hu+xxPm1kLLndiKRGb5S253Rl+8kWgeKa+UgvdWKePdtQYaidjSK\r\nuVF+8s5en36D0Mr/OOC3a0ZImMsinky+6mg4AjWuZwo+AirZ+DQVTkxMRS9T6l9k\r\nFR3h//VYnqBihbuYrJnRunFjo1RFzLM2P7NiMBAJOhAuVAK4OSpN0pWb/KJN23Ch\r\nQ1C9vdq413VCtgsUuMYc2pqoc/XDBK5CNjtgtm+e9ZdPOKg7A7POuvw7QIv+g3me\r\niRmkc1evjwa9/nkFzgF7HpcoHv25YdrktsF5IfVOXEZL+AkIhViIDe/rIkuxDvz1\r\nuGQFLh+NRWnAeXM89NNrFJ7wmpJoG/PbNWZ44HYa0nQoVz/ygaw827U88FxgoZsD\r\nPVvRVC9cV2S2OpOU1gMg8O5mbQi/g2HQVOEdM/rjoot8W2/K7zfmYVFghFAoNBp5\r\nkAfj3j9c3yHKZ18wFqF+yvcmWBBWGIQvd62s23hKVb7PW09ShArvYp+U7bMwcVfB\r\nV5q9hboqgGVjcyd32BIT1ZW3zSyZ9Jaamw3nLVc2ro8jlnb3UqOK2Kkzb87tBfWU\r\n/ga1nLgy6bg9H3au21/6f+ReP2X96Y4KA2sb3gqhI2FVtJ864anbJM4KcOR3nsV6\r\nm1QqfkksTx8EUlca/k65zDHt7bveQValM437V/OspnqSMt/dquDKJxiRY9Kb/wWZ\r\nAo3QzrLb349xEvxq1vqz1DEiZ2a+w9xA9FPaBXXMinX+93kK5ZJZbIlcn0FQbMgx\r\n7MIWSBI0EutMfoMhexB+7BEdVBRvr0QppxMFJYlJwl+o5nY7aANtboEoU/tqOiaO\r\n/+gQL8evd5Fh6IaC1WMWwXcpypPqaDWzXF1ExkGRpwWO6Dm67k97k79r1ntzVs7o\r\nuDz+/V0cKTm2mL0FxK7+DEyxsxb3SgKD6Fymd3tiknD/hXOsKZkoCKMh5XLzWWBP\r\nPU0DRS/WysA+bGIvqR29GWHADQUvj1A6DjkMIinkitGdaOysn8RlENFZX39XQ94r\r\nEjpXvjyw9rkRZtwMeGDTcUJxoeWNCyRBjJMcEuSeCKmOratYaOMgVpvQeGR4Xno=\r\n=GyQo\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2015-05-25T00:00:00", "title": "[SECURITY] [DSA 3267-1] chromium-browser security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-1265", "CVE-2015-1257", "CVE-2015-1263", "CVE-2015-1251", "CVE-2015-1262", "CVE-2015-1260", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1259", "CVE-2015-1252", "CVE-2015-1256", "CVE-2015-1261", "CVE-2015-1258", "CVE-2015-1255", "CVE-2015-1264"], "modified": "2015-05-25T00:00:00", "id": "SECURITYVULNS:DOC:32136", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32136", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:51:19", "description": "No description provided", "edition": 2, "cvss3": {}, "published": "2015-05-25T00:00:00", "title": "Google Chrome / Chromium multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-1265", "CVE-2015-1247", "CVE-2015-1257", "CVE-2015-3334", "CVE-2015-1246", "CVE-2015-1244", "CVE-2015-1263", "CVE-2015-1251", "CVE-2015-1262", "CVE-2015-1260", "CVE-2015-1240", "CVE-2015-1241", "CVE-2015-1250", "CVE-2015-1253", "CVE-2015-3336", "CVE-2015-1254", "CVE-2015-1259", "CVE-2015-1243", "CVE-2015-1252", "CVE-2015-1248", "CVE-2015-1236", "CVE-2015-1256", "CVE-2015-1242", "CVE-2015-1245", "CVE-2015-1235", "CVE-2015-3333", "CVE-2015-1261", "CVE-2015-1237", "CVE-2015-1258", "CVE-2015-1255", "CVE-2015-1238", "CVE-2015-1264", "CVE-2015-1249"], "modified": "2015-05-25T00:00:00", "id": "SECURITYVULNS:VULN:14435", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14435", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:16", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1251\nSkyLined discovered a use-after-free issue in speech\nrecognition.\n\nCVE-2015-1252\nAn out-of-bounds write issue was discovered that could be used to\nescape from the sandbox.\n\nCVE-2015-1253\nA cross-origin bypass issue was discovered in the DOM parser.\n\nCVE-2015-1254\nA cross-origin bypass issue was discovered in the DOM editing\nfeature.\n\nCVE-2015-1255\nKhalil Zhani discovered a use-after-free issue in WebAudio.\n\nCVE-2015-1256\nAtte Kettunen discovered a use-after-free issue in the SVG\nimplementation.\n\nCVE-2015-1257\nmiaubiz discovered an overflow issue in the SVG implementation.\n\nCVE-2015-1258\ncloudfuzzer discovered an invalid size parameter used in the\nlibvpx library.\n\nCVE-2015-1259\nAtte Kettunen discovered an uninitialized memory issue in the\npdfium library.\n\nCVE-2015-1260\nKhalil Zhani discovered multiple use-after-free issues in chromium", "cvss3": {}, "published": "2015-05-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3267-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1265", "CVE-2015-1257", "CVE-2015-1263", "CVE-2015-1251", "CVE-2015-1262", "CVE-2015-1260", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1259", "CVE-2015-1252", "CVE-2015-1256", "CVE-2015-1261", "CVE-2015-1258", "CVE-2015-1255", "CVE-2015-1264"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703267", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703267", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3267.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3267-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703267\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\",\n \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\",\n \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1261\", \"CVE-2015-1262\",\n \"CVE-2015-1263\", \"CVE-2015-1264\", \"CVE-2015-1265\");\n script_name(\"Debian Security Advisory DSA 3267-1 (chromium-browser - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-22 00:00:00 +0200 (Fri, 22 May 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3267.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"chromium-browser on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie), these problems have been fixed in\nversion 43.0.2357.65-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 43.0.2357.65-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1251\nSkyLined discovered a use-after-free issue in speech\nrecognition.\n\nCVE-2015-1252\nAn out-of-bounds write issue was discovered that could be used to\nescape from the sandbox.\n\nCVE-2015-1253\nA cross-origin bypass issue was discovered in the DOM parser.\n\nCVE-2015-1254\nA cross-origin bypass issue was discovered in the DOM editing\nfeature.\n\nCVE-2015-1255\nKhalil Zhani discovered a use-after-free issue in WebAudio.\n\nCVE-2015-1256\nAtte Kettunen discovered a use-after-free issue in the SVG\nimplementation.\n\nCVE-2015-1257\nmiaubiz discovered an overflow issue in the SVG implementation.\n\nCVE-2015-1258\ncloudfuzzer discovered an invalid size parameter used in the\nlibvpx library.\n\nCVE-2015-1259\nAtte Kettunen discovered an uninitialized memory issue in the\npdfium library.\n\nCVE-2015-1260\nKhalil Zhani discovered multiple use-after-free issues in chromium's\ninterface to the WebRTC library.\n\nCVE-2015-1261\nJuho Nurminen discovered a URL bar spoofing issue.\n\nCVE-2015-1262\nmiaubiz discovered the use of an uninitialized class member in\nfont handling.\n\nCVE-2015-1263\nMike Ruddy discovered that downloading the spellcheck dictionary\nwas not done over HTTPS.\n\nCVE-2015-1264\nK0r3Ph1L discovered a cross-site scripting issue that could be\ntriggered by bookmarking a site.\n\nCVE-2015-1265\nThe chrome 43 development team found and fixed various issues\nduring internal auditing. Also multiple issues were fixed in\nthe libv8 library, version 4.3.61.21.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"43.0.2357.65-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium\", ver:\"43.0.2357.65-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"43.0.2357.65-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"43.0.2357.65-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"43.0.2357.65-1~deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:53:43", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1251 \nSkyLined discovered a use-after-free issue in speech\nrecognition.\n\nCVE-2015-1252 \nAn out-of-bounds write issue was discovered that could be used to\nescape from the sandbox.\n\nCVE-2015-1253 \nA cross-origin bypass issue was discovered in the DOM parser.\n\nCVE-2015-1254 \nA cross-origin bypass issue was discovered in the DOM editing\nfeature.\n\nCVE-2015-1255 \nKhalil Zhani discovered a use-after-free issue in WebAudio.\n\nCVE-2015-1256 \nAtte Kettunen discovered a use-after-free issue in the SVG\nimplementation.\n\nCVE-2015-1257 \nmiaubiz discovered an overflow issue in the SVG implementation.\n\nCVE-2015-1258 \ncloudfuzzer discovered an invalid size parameter used in the\nlibvpx library.\n\nCVE-2015-1259 \nAtte Kettunen discovered an uninitialized memory issue in the\npdfium library.\n\nCVE-2015-1260 \nKhalil Zhani discovered multiple use-after-free issues in chromium", "cvss3": {}, "published": "2015-05-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3267-1 (chromium-browser - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1265", "CVE-2015-1257", "CVE-2015-1263", "CVE-2015-1251", "CVE-2015-1262", "CVE-2015-1260", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1259", "CVE-2015-1252", "CVE-2015-1256", "CVE-2015-1261", "CVE-2015-1258", "CVE-2015-1255", "CVE-2015-1264"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703267", "href": "http://plugins.openvas.org/nasl.php?oid=703267", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3267.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3267-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703267);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\",\n \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\",\n \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1261\", \"CVE-2015-1262\",\n \"CVE-2015-1263\", \"CVE-2015-1264\", \"CVE-2015-1265\");\n script_name(\"Debian Security Advisory DSA 3267-1 (chromium-browser - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-05-22 00:00:00 +0200 (Fri, 22 May 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3267.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"chromium-browser on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie), these problems have been fixed in\nversion 43.0.2357.65-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 43.0.2357.65-1.\n\nWe recommend that you upgrade your chromium-browser packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1251 \nSkyLined discovered a use-after-free issue in speech\nrecognition.\n\nCVE-2015-1252 \nAn out-of-bounds write issue was discovered that could be used to\nescape from the sandbox.\n\nCVE-2015-1253 \nA cross-origin bypass issue was discovered in the DOM parser.\n\nCVE-2015-1254 \nA cross-origin bypass issue was discovered in the DOM editing\nfeature.\n\nCVE-2015-1255 \nKhalil Zhani discovered a use-after-free issue in WebAudio.\n\nCVE-2015-1256 \nAtte Kettunen discovered a use-after-free issue in the SVG\nimplementation.\n\nCVE-2015-1257 \nmiaubiz discovered an overflow issue in the SVG implementation.\n\nCVE-2015-1258 \ncloudfuzzer discovered an invalid size parameter used in the\nlibvpx library.\n\nCVE-2015-1259 \nAtte Kettunen discovered an uninitialized memory issue in the\npdfium library.\n\nCVE-2015-1260 \nKhalil Zhani discovered multiple use-after-free issues in chromium's\ninterface to the WebRTC library.\n\nCVE-2015-1261 \nJuho Nurminen discovered a URL bar spoofing issue.\n\nCVE-2015-1262 \nmiaubiz discovered the use of an uninitialized class member in\nfont handling.\n\nCVE-2015-1263 \nMike Ruddy discovered that downloading the spellcheck dictionary\nwas not done over HTTPS.\n\nCVE-2015-1264 \nK0r3Ph1L discovered a cross-site scripting issue that could be\ntriggered by bookmarking a site.\n\nCVE-2015-1265 \nThe chrome 43 development team found and fixed various issues\nduring internal auditing. Also multiple issues were fixed in\nthe libv8 library, version 4.3.61.21.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"chromedriver\", ver:\"43.0.2357.65-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium\", ver:\"43.0.2357.65-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-dbg\", ver:\"43.0.2357.65-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-inspector\", ver:\"43.0.2357.65-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"chromium-l10n\", ver:\"43.0.2357.65-1~deb8u1\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2021-11-30T23:39:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3267-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMay 22, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254\n CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258\n CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262\n CVE-2015-1263 CVE-2015-1264 CVE-2015-1265\n\nSeveral vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1251\n\n SkyLined discovered a use-after-free issue in speech recognition.\n\nCVE-2015-1252\n\n An out-of-bounds write issue was discovered that could be used to\n escape from the sandbox.\n\nCVE-2015-1253\n\n A cross-origin bypass issue was discovered in the DOM parser.\n\nCVE-2015-1254\n\n A cross-origin bypass issue was discovered in the DOM editing feature.\n\nCVE-2015-1255\n\n Khalil Zhani discovered a use-after-free issue in WebAudio.\n\nCVE-2015-1256\n\n Atte Kettunen discovered a use-after-free issue in the SVG\n implementation.\n\nCVE-2015-1257\n\n miaubiz discovered an overflow issue in the SVG implementation.\n\nCVE-2015-1258\n\n cloudfuzzer discovered an invalid size parameter used in the\n libvpx library.\n\nCVE-2015-1259\n\n Atte Kettunen discovered an uninitialized memory issue in the\n pdfium library.\n\nCVE-2015-1260\n\n Khalil Zhani discovered multiple use-after-free issues in chromium's\n interface to the WebRTC library.\n\nCVE-2015-1261\n\n Juho Nurminen discovered a URL bar spoofing issue.\n\nCVE-2015-1262\n\n miaubiz discovered the use of an uninitialized class member in\n font handling.\n\nCVE-2015-1263\n\n Mike Ruddy discovered that downloading the spellcheck dictionary\n was not done over HTTPS.\n\nCVE-2015-1264\n\n K0r3Ph1L discovered a cross-site scripting issue that could be\n triggered by bookmarking a site.\n\nCVE-2015-1265\n\n The chrome 43 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the libv8 library, version 4.3.61.21.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 43.0.2357.65-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 43.0.2357.65-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2015-05-22T05:02:40", "type": "debian", "title": "[SECURITY] [DSA 3267-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2015-05-22T05:02:40", "id": "DEBIAN:DSA-3267-1:32EBE", "href": "https://lists.debian.org/debian-security-announce/2015/msg00158.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T22:56:55", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3267-1 security@debian.org\nhttp://www.debian.org/security/ Michael Gilbert\nMay 22, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium-browser\nCVE ID : CVE-2015-1251 CVE-2015-1252 CVE-2015-1253 CVE-2015-1254\n CVE-2015-1255 CVE-2015-1256 CVE-2015-1257 CVE-2015-1258\n CVE-2015-1259 CVE-2015-1260 CVE-2015-1261 CVE-2015-1262\n CVE-2015-1263 CVE-2015-1264 CVE-2015-1265\n\nSeveral vulnerabilities were discovered in the chromium web browser.\n\nCVE-2015-1251\n\n SkyLined discovered a use-after-free issue in speech recognition.\n\nCVE-2015-1252\n\n An out-of-bounds write issue was discovered that could be used to\n escape from the sandbox.\n\nCVE-2015-1253\n\n A cross-origin bypass issue was discovered in the DOM parser.\n\nCVE-2015-1254\n\n A cross-origin bypass issue was discovered in the DOM editing feature.\n\nCVE-2015-1255\n\n Khalil Zhani discovered a use-after-free issue in WebAudio.\n\nCVE-2015-1256\n\n Atte Kettunen discovered a use-after-free issue in the SVG\n implementation.\n\nCVE-2015-1257\n\n miaubiz discovered an overflow issue in the SVG implementation.\n\nCVE-2015-1258\n\n cloudfuzzer discovered an invalid size parameter used in the\n libvpx library.\n\nCVE-2015-1259\n\n Atte Kettunen discovered an uninitialized memory issue in the\n pdfium library.\n\nCVE-2015-1260\n\n Khalil Zhani discovered multiple use-after-free issues in chromium's\n interface to the WebRTC library.\n\nCVE-2015-1261\n\n Juho Nurminen discovered a URL bar spoofing issue.\n\nCVE-2015-1262\n\n miaubiz discovered the use of an uninitialized class member in\n font handling.\n\nCVE-2015-1263\n\n Mike Ruddy discovered that downloading the spellcheck dictionary\n was not done over HTTPS.\n\nCVE-2015-1264\n\n K0r3Ph1L discovered a cross-site scripting issue that could be\n triggered by bookmarking a site.\n\nCVE-2015-1265\n\n The chrome 43 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the libv8 library, version 4.3.61.21.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 43.0.2357.65-1~deb8u1.\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 43.0.2357.65-1.\n\nWe recommend that you upgrade your chromium-browser packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2015-05-22T05:02:40", "type": "debian", "title": "[SECURITY] [DSA 3267-1] chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2015-05-22T05:02:40", "id": "DEBIAN:DSA-3267-1:F1492", "href": "https://lists.debian.org/debian-security-announce/2015/msg00158.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:45:57", "description": "Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2015-1251 SkyLined discovered a use-after-free issue in speech recognition.\n\n - CVE-2015-1252 An out-of-bounds write issue was discovered that could be used to escape from the sandbox.\n\n - CVE-2015-1253 A cross-origin bypass issue was discovered in the DOM parser.\n\n - CVE-2015-1254 A cross-origin bypass issue was discovered in the DOM editing feature.\n\n - CVE-2015-1255 Khalil Zhani discovered a use-after-free issue in WebAudio.\n\n - CVE-2015-1256 Atte Kettunen discovered a use-after-free issue in the SVG implementation.\n\n - CVE-2015-1257 miaubiz discovered an overflow issue in the SVG implementation.\n\n - CVE-2015-1258 cloudfuzzer discovered an invalid size parameter used in the libvpx library.\n\n - CVE-2015-1259 Atte Kettunen discovered an uninitialized memory issue in the pdfium library.\n\n - CVE-2015-1260 Khalil Zhani discovered multiple use-after-free issues in chromium's interface to the WebRTC library.\n\n - CVE-2015-1261 Juho Nurminen discovered a URL bar spoofing issue.\n\n - CVE-2015-1262 miaubiz discovered the use of an uninitialized class member in font handling.\n\n - CVE-2015-1263 Mike Ruddy discovered that downloading the spellcheck dictionary was not done over HTTPS.\n\n - CVE-2015-1264 K0r3Ph1L discovered a cross-site scripting issue that could be triggered by bookmarking a site.\n\n - CVE-2015-1265 The chrome 43 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the libv8 library, version 4.3.61.21.", "cvss3": {"score": null, "vector": null}, "published": "2015-05-26T00:00:00", "type": "nessus", "title": "Debian DSA-3267-1 : chromium-browser - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium-browser", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3267.NASL", "href": "https://www.tenable.com/plugins/nessus/83784", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3267. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83784);\n script_version(\"2.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\", \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\", \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1261\", \"CVE-2015-1262\", \"CVE-2015-1263\", \"CVE-2015-1264\", \"CVE-2015-1265\");\n script_bugtraq_id(74723, 74727);\n script_xref(name:\"DSA\", value:\"3267\");\n\n script_name(english:\"Debian DSA-3267-1 : chromium-browser - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the chromium web browser.\n\n - CVE-2015-1251\n SkyLined discovered a use-after-free issue in speech\n recognition.\n\n - CVE-2015-1252\n An out-of-bounds write issue was discovered that could\n be used to escape from the sandbox.\n\n - CVE-2015-1253\n A cross-origin bypass issue was discovered in the DOM\n parser.\n\n - CVE-2015-1254\n A cross-origin bypass issue was discovered in the DOM\n editing feature.\n\n - CVE-2015-1255\n Khalil Zhani discovered a use-after-free issue in\n WebAudio.\n\n - CVE-2015-1256\n Atte Kettunen discovered a use-after-free issue in the\n SVG implementation.\n\n - CVE-2015-1257\n miaubiz discovered an overflow issue in the SVG\n implementation.\n\n - CVE-2015-1258\n cloudfuzzer discovered an invalid size parameter used in\n the libvpx library.\n\n - CVE-2015-1259\n Atte Kettunen discovered an uninitialized memory issue\n in the pdfium library.\n\n - CVE-2015-1260\n Khalil Zhani discovered multiple use-after-free issues\n in chromium's interface to the WebRTC library.\n\n - CVE-2015-1261\n Juho Nurminen discovered a URL bar spoofing issue.\n\n - CVE-2015-1262\n miaubiz discovered the use of an uninitialized class\n member in font handling.\n\n - CVE-2015-1263\n Mike Ruddy discovered that downloading the spellcheck\n dictionary was not done over HTTPS.\n\n - CVE-2015-1264\n K0r3Ph1L discovered a cross-site scripting issue that\n could be triggered by bookmarking a site.\n\n - CVE-2015-1265\n The chrome 43 development team found and fixed various\n issues during internal auditing. Also multiple issues\n were fixed in the libv8 library, version 4.3.61.21.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/chromium-browser\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3267\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the chromium-browser packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 43.0.2357.65-1~deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"chromedriver\", reference:\"43.0.2357.65-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium\", reference:\"43.0.2357.65-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-dbg\", reference:\"43.0.2357.65-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-inspector\", reference:\"43.0.2357.65-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"chromium-l10n\", reference:\"43.0.2357.65-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:45:50", "description": "Google Chrome Releases reports :\n\n37 security fixes in this release, including :\n\n- [474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.\n\n- [464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.\n\n- [444927] High CVE-2015-1254: Cross-origin bypass in Editing. Credit to armin@rawsec.net.\n\n- [473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.\n\n- [478549] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.\n\n- [481015] High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP's Zero Day Initiative.\n\n- [468519] Medium CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.\n\n- [450939] Medium CVE-2015-1258: Negative-size parameter in libvpx.\nCredit to cloudfuzzer\n\n- [468167] Medium CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG\n\n- [474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.\n\n- [466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.\n\n- [476647] Medium CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.\n\n- [479162] Low CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy.\n\n- [481015] Low CVE-2015-1264: Cross-site scripting in bookmarks.\nCredit to K0r3Ph1L.\n\n- [489518] CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives.\n\n- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21).", "cvss3": {"score": null, "vector": null}, "published": "2015-05-20T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (a9d456b4-fe4c-11e4-ad15-00262d5ed8ee)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "p-cpe:/a:freebsd:freebsd:chromium-npapi", "p-cpe:/a:freebsd:freebsd:chromium-pulse", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A9D456B4FE4C11E4AD1500262D5ED8EE.NASL", "href": "https://www.tenable.com/plugins/nessus/83556", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83556);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\", \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\", \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1261\", \"CVE-2015-1262\", \"CVE-2015-1263\", \"CVE-2015-1264\", \"CVE-2015-1265\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (a9d456b4-fe4c-11e4-ad15-00262d5ed8ee)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Google Chrome Releases reports :\n\n37 security fixes in this release, including :\n\n- [474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to\nanonymous.\n\n- [464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to\nanonymous.\n\n- [444927] High CVE-2015-1254: Cross-origin bypass in Editing. Credit\nto armin@rawsec.net.\n\n- [473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit to\nKhalil Zhani.\n\n- [478549] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte\nKettunen of OUSPG.\n\n- [481015] High CVE-2015-1251: Use-after-free in Speech. Credit to\nSkyLined working with HP's Zero Day Initiative.\n\n- [468519] Medium CVE-2015-1257: Container-overflow in SVG. Credit to\nmiaubiz.\n\n- [450939] Medium CVE-2015-1258: Negative-size parameter in libvpx.\nCredit to cloudfuzzer\n\n- [468167] Medium CVE-2015-1259: Uninitialized value in PDFium. Credit\nto Atte Kettunen of OUSPG\n\n- [474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to\nKhalil Zhani.\n\n- [466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho\nNurminen.\n\n- [476647] Medium CVE-2015-1262: Uninitialized value in Blink. Credit\nto miaubiz.\n\n- [479162] Low CVE-2015-1263: Insecure download of spellcheck\ndictionary. Credit to Mike Ruddy.\n\n- [481015] Low CVE-2015-1264: Cross-site scripting in bookmarks.\nCredit to K0r3Ph1L.\n\n- [489518] CVE-2015-1265: Various fixes from internal audits, fuzzing\nand other initiatives.\n\n- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch\n(currently 4.3.61.21).\"\n );\n # http://googlechromereleases.blogspot.nl/2015/05/stable-channel-update_19.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?73e36afd\"\n );\n # https://vuxml.freebsd.org/freebsd/a9d456b4-fe4c-11e4-ad15-00262d5ed8ee.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7182e7bf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-npapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium-pulse\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<43.0.2357.65\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-npapi<43.0.2357.65\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"chromium-pulse<43.0.2357.65\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:45:47", "description": "Chromium was updated to 43.0.2357.65 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-1251: Use-after-free in Speech (boo#931659)\n\n - CVE-2015-1252: Sandbox escape in Chrome (boo#931671)\n\n - CVE-2015-1253: Cross-origin bypass in DOM (boo#931670)\n\n - CVE-2015-1254: Cross-origin bypass in Editing (boo#931669)\n\n - CVE-2015-1255: Use-after-free in WebAudio (boo#931674)\n\n - CVE-2015-1256: Use-after-free in SVG (boo#931664)\n\n - CVE-2015-1257: Container-overflow in SVG (boo#931665)\n\n - CVE-2015-1258: Negative-size parameter in Libvpx (boo#931666)\n\n - CVE-2015-1259: Uninitialized value in PDFium (boo#931667)\n\n - CVE-2015-1260: Use-after-free in WebRTC (boo#931668)\n\n - CVE-2015-1261: URL bar spoofing (boo#931673)\n\n - CVE-2015-1262: Uninitialized value in Blink (boo#931672)\n\n - CVE-2015-1263: Insecure download of spellcheck dictionary (boo#931663)\n\n - CVE-2015-1264: Cross-site scripting in bookmarks (boo#931661)\n\n - CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives (boo#931660)\n\n - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21)", "cvss3": {"score": null, "vector": null}, "published": "2015-06-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : Chromium (openSUSE-2015-390)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "p-cpe:/a:novell:opensuse:chromium-debugsource", "p-cpe:/a:novell:opensuse:chromium-desktop-gnome", "p-cpe:/a:novell:opensuse:chromium-desktop-kde", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo", "p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-390.NASL", "href": "https://www.tenable.com/plugins/nessus/83915", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-390.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83915);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\", \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\", \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1261\", \"CVE-2015-1262\", \"CVE-2015-1263\", \"CVE-2015-1264\", \"CVE-2015-1265\");\n\n script_name(english:\"openSUSE Security Update : Chromium (openSUSE-2015-390)\");\n script_summary(english:\"Check for the openSUSE-2015-390 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chromium was updated to 43.0.2357.65 to fix security issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2015-1251: Use-after-free in Speech (boo#931659)\n\n - CVE-2015-1252: Sandbox escape in Chrome (boo#931671)\n\n - CVE-2015-1253: Cross-origin bypass in DOM (boo#931670)\n\n - CVE-2015-1254: Cross-origin bypass in Editing\n (boo#931669)\n\n - CVE-2015-1255: Use-after-free in WebAudio (boo#931674)\n\n - CVE-2015-1256: Use-after-free in SVG (boo#931664)\n\n - CVE-2015-1257: Container-overflow in SVG (boo#931665)\n\n - CVE-2015-1258: Negative-size parameter in Libvpx\n (boo#931666)\n\n - CVE-2015-1259: Uninitialized value in PDFium\n (boo#931667)\n\n - CVE-2015-1260: Use-after-free in WebRTC (boo#931668)\n\n - CVE-2015-1261: URL bar spoofing (boo#931673)\n\n - CVE-2015-1262: Uninitialized value in Blink (boo#931672)\n\n - CVE-2015-1263: Insecure download of spellcheck\n dictionary (boo#931663)\n\n - CVE-2015-1264: Cross-site scripting in bookmarks\n (boo#931661)\n\n - CVE-2015-1265: Various fixes from internal audits,\n fuzzing and other initiatives (boo#931660)\n\n - Multiple vulnerabilities in V8 fixed at the tip of the\n 4.3 branch (currently 4.3.61.21)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931674\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-desktop-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-ffmpegsumo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromedriver-debuginfo-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debuginfo-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-debugsource-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-gnome-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-desktop-kde-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"chromium-ffmpegsumo-debuginfo-43.0.2357.65-84.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromedriver-debuginfo-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debuginfo-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-debugsource-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-gnome-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-desktop-kde-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-43.0.2357.65-29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"chromium-ffmpegsumo-debuginfo-43.0.2357.65-29.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:45:59", "description": "Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2015-1251, CVE-2015-1252, CVE-2015-1253, CVE-2015-1254, CVE-2015-1255, CVE-2015-1256, CVE-2015-1257, CVE-2015-1258, CVE-2015-1259, CVE-2015-1260, CVE-2015-1261, CVE-2015-1262, CVE-2015-1263, CVE-2015-1264, CVE-2015-1265)\n\nAll Chromium users should upgrade to these updated packages, which contain Chromium version 43.0.2357.65, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the changes to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2015-05-26T00:00:00", "type": "nessus", "title": "RHEL 6 : chromium-browser (RHSA-2015:1023)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:chromium-browser", "p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.6"], "id": "REDHAT-RHSA-2015-1023.NASL", "href": "https://www.tenable.com/plugins/nessus/83808", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1023. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83808);\n script_version(\"2.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2015-1251\", \"CVE-2015-1252\", \"CVE-2015-1253\", \"CVE-2015-1254\", \"CVE-2015-1255\", \"CVE-2015-1256\", \"CVE-2015-1257\", \"CVE-2015-1258\", \"CVE-2015-1259\", \"CVE-2015-1260\", \"CVE-2015-1261\", \"CVE-2015-1262\", \"CVE-2015-1263\", \"CVE-2015-1264\", \"CVE-2015-1265\");\n script_bugtraq_id(74723, 74727);\n script_xref(name:\"RHSA\", value:\"2015:1023\");\n\n script_name(english:\"RHEL 6 : chromium-browser (RHSA-2015:1023)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated chromium-browser packages that fix multiple security issues\nare now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nChromium is an open source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Chromium to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running Chromium. (CVE-2015-1251, CVE-2015-1252, CVE-2015-1253,\nCVE-2015-1254, CVE-2015-1255, CVE-2015-1256, CVE-2015-1257,\nCVE-2015-1258, CVE-2015-1259, CVE-2015-1260, CVE-2015-1261,\nCVE-2015-1262, CVE-2015-1263, CVE-2015-1264, CVE-2015-1265)\n\nAll Chromium users should upgrade to these updated packages, which\ncontain Chromium version 43.0.2357.65, which corrects these issues.\nAfter installing the update, Chromium must be restarted for the\nchanges to take effect.\"\n );\n # https://googlechromereleases.blogspot.com/2015/05/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://chromereleases.googleblog.com/2015/05/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-1258\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected chromium-browser and / or\nchromium-browser-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1023\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-43.0.2357.65-1.el6_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-43.0.2357.65-1.el6_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"chromium-browser-debuginfo-43.0.2357.65-1.el6_6\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"chromium-browser-debuginfo-43.0.2357.65-1.el6_6\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium-browser / chromium-browser-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:38:36", "description": "Chromium is an open-source web browser, powered by WebKit (Blink).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Chromium to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nChromium. (CVE-2015-1251, CVE-2015-1252, CVE-2015-1253, CVE-2015-1254,\nCVE-2015-1255, CVE-2015-1256, CVE-2015-1257, CVE-2015-1258, CVE-2015-1259,\nCVE-2015-1260, CVE-2015-1261, CVE-2015-1262, CVE-2015-1263, CVE-2015-1264,\nCVE-2015-1265)\n\nAll Chromium users should upgrade to these updated packages, which contain\nChromium version 43.0.2357.65, which corrects these issues. After\ninstalling the update, Chromium must be restarted for the changes to take\neffect.\n", "cvss3": {}, "published": "2015-05-25T00:00:00", "type": "redhat", "title": "(RHSA-2015:1023) Important: chromium-browser security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2018-06-07T05:04:24", "id": "RHSA-2015:1023", "href": "https://access.redhat.com/errata/RHSA-2015:1023", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nGoogle Chrome Releases reports:\n\n37 security fixes in this release, including:\n\n[474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit\n\t to anonymous.\n[464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit\n\t to anonymous.\n[444927] High CVE-2015-1254: Cross-origin bypass in Editing.\n\t Credit to armin@rawsec.net.\n[473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit\n\t to Khalil Zhani.\n[478549] High CVE-2015-1256: Use-after-free in SVG. Credit to\n\t Atte Kettunen of OUSPG.\n[481015] High CVE-2015-1251: Use-after-free in Speech. Credit\n\t to SkyLined working with HP's Zero Day Initiative.\n[468519] Medium CVE-2015-1257: Container-overflow in SVG.\n\t Credit to miaubiz.\n[450939] Medium CVE-2015-1258: Negative-size parameter in\n\t libvpx. Credit to cloudfuzzer\n[468167] Medium CVE-2015-1259: Uninitialized value in PDFium.\n\t Credit to Atte Kettunen of OUSPG\n[474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit\n\t to Khalil Zhani.\n[466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho\n\t Nurminen.\n[476647] Medium CVE-2015-1262: Uninitialized value in Blink.\n\t Credit to miaubiz.\n[479162] Low CVE-2015-1263: Insecure download of spellcheck\n\t dictionary. Credit to Mike Ruddy.\n[481015] Low CVE-2015-1264: Cross-site scripting in bookmarks.\n\t Credit to K0r3Ph1L.\n[489518] CVE-2015-1265: Various fixes from internal audits,\n\t fuzzing and other initiatives.\nMultiple vulnerabilities in V8 fixed at the tip of the 4.3\n\t branch (currently 4.3.61.21).\n\n\n\n", "cvss3": {}, "published": "2015-05-19T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2015-05-19T00:00:00", "id": "A9D456B4-FE4C-11E4-AD15-00262D5ED8EE", "href": "https://vuxml.freebsd.org/freebsd/a9d456b4-fe4c-11e4-ad15-00262d5ed8ee.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "chrome": [{"lastseen": "2021-12-30T22:33:54", "description": "The Chrome team is happy to announce the promotion of Chrome 43 to the stable channel for Windows, Mac and Linux. Chrome 43.0.2357.65 contains a number of fixes and improvements. A list of changes is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/42.0.2311.0..43.0.2357.0?pretty=fuller&n=10000>). \n\n**Security Fixes and Rewards** \n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed. \n\nThis update includes [37 security fixes](<https://code.google.com/p/chromium/issues/list?can=1&q=type%3Abug-security+label%3ARelease-0-M43&sort=id+-security_severity+-secseverity+-owner+-modified&colspec=ID+Pri+Status+Summary+Modified+OS+M+Security_severity+Security_impact+Owner+Reporter&cells=tiles>). Below, we highlight fixes that were contributed by external researchers. Please see the [Chromium security page](<http://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information. \n\n\n[$16337][[474029](<https://code.google.com/p/chromium/issues/detail?id=474029>)]** High** CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. \n[$7500][[464552](<https://code.google.com/p/chromium/issues/detail?id=464552>)] **High** CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. \n[$3000][[444927](<https://code.google.com/p/chromium/issues/detail?id=444927>)] **High** CVE-2015-1254: Cross-origin bypass in Editing. Credit to Armin Razmdjou. \n[$3000][[473253](<https://code.google.com/p/chromium/issues/detail?id=473253>)] **High** CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani. \n[$2000][[478549](<https://code.google.com/p/chromium/issues/detail?id=478549>)] **High** CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG. \n[[481015](<https://code.google.com/p/chromium/issues/detail?id=481015>)] **High** CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP's Zero Day Initiative \n[$1500][[468519](<https://code.google.com/p/chromium/issues/detail?id=468519>)] **Medium** CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz. \n[$1000][[450939](<https://code.google.com/p/chromium/issues/detail?id=450939>)] **Medium** CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer \n[$1000][[468167](<https://code.google.com/p/chromium/issues/detail?id=468167>)] **Medium** CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG \n[$1000][[474370](<https://code.google.com/p/chromium/issues/detail?id=474370>)] **Medium** CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani. \n[$500][[466351](<https://code.google.com/p/chromium/issues/detail?id=466351>)] **Medium** CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen. \n[$500][[476647](<https://code.google.com/p/chromium/issues/detail?id=476647>)] **Medium** CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz. \n[$500][[479162](<https://code.google.com/p/chromium/issues/detail?id=479162>)] **Low** CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy. \n[$500][[481015](<https://code.google.com/p/chromium/issues/detail?id=481015>)] **Low** CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L. \n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. The total value of additional rewards and their recipients will updated here when all reports have gone through the reward panel. \n\n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes: \n\n\n * [[489518](<https://code.google.com/p/chromium/issues/detail?id=489518>)] CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives.\n * Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21).\n\nMany of the above bugs were detected using [AddressSanitizer](<http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>) or [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>). \n\nInterested in switching release channels? [Find out how](<http://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<http://crbug.com/>). \n\n\n\n\n\nAre you a project manager, with a technical background, who is passionate about Chrome and moving the web forward? We are [hiring](<https://www.google.com/about/careers/search#!t=jo&jid=72645002&>)! \n\n\n\nAnthony Laforge \nGoogle Chrome", "cvss3": {}, "published": "2015-05-19T00:00:00", "type": "chrome", "title": "Stable Channel Update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265"], "modified": "2015-05-19T00:00:00", "id": "GCSA-990503644729999677", "href": "https://chromereleases.googleblog.com/2015/05/stable-channel-update_19.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2021-08-18T11:24:55", "description": "### *Detect date*:\n05/19/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, conduct cross-scripting attack, cause denial of service or execute arbitrary code.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 43.0.2357.65\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Get Google Chrome](<https://www.google.com/chrome/browser/desktop/index.html>)\n\n### *Original advisories*:\n[Google blog](<http://feedproxy.google.com/~r/GoogleChromeReleases/~3/r7j0t-RwdaU/stable-channel-update_19.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2015-1258](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1258>)7.5Critical \n[CVE-2015-1259](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1259>)7.5Critical \n[CVE-2015-1265](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1265>)7.5Critical \n[CVE-2015-1251](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1251>)6.8High \n[CVE-2015-1262](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1262>)7.5Critical \n[CVE-2015-1264](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1264>)4.3Warning \n[CVE-2015-1252](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1252>)7.5Critical \n[CVE-2015-3910](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3910>)7.5Critical \n[CVE-2015-1263](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1263>)4.3Warning \n[CVE-2015-1260](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1260>)7.5Critical \n[CVE-2015-1261](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1261>)5.0Critical \n[CVE-2015-1255](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1255>)6.8High \n[CVE-2015-1257](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1257>)7.5Critical \n[CVE-2015-1256](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1256>)7.5Critical \n[CVE-2015-1254](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1254>)5.0Critical \n[CVE-2015-1253](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1253>)7.5Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {}, "published": "2015-05-19T00:00:00", "type": "kaspersky", "title": "KLA10585 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265", "CVE-2015-3910"], "modified": "2020-06-18T00:00:00", "id": "KLA10585", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10585/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:06:51", "description": "\nSeveral vulnerabilities were discovered in the chromium web browser.\n\n\n* [CVE-2015-1251](https://security-tracker.debian.org/tracker/CVE-2015-1251)\nSkyLined discovered a use-after-free issue in speech \n recognition.\n* [CVE-2015-1252](https://security-tracker.debian.org/tracker/CVE-2015-1252)\nAn out-of-bounds write issue was discovered that could be used to\n escape from the sandbox.\n* [CVE-2015-1253](https://security-tracker.debian.org/tracker/CVE-2015-1253)\nA cross-origin bypass issue was discovered in the DOM parser.\n* [CVE-2015-1254](https://security-tracker.debian.org/tracker/CVE-2015-1254)\nA cross-origin bypass issue was discovered in the DOM editing \n feature.\n* [CVE-2015-1255](https://security-tracker.debian.org/tracker/CVE-2015-1255)\nKhalil Zhani discovered a use-after-free issue in WebAudio.\n* [CVE-2015-1256](https://security-tracker.debian.org/tracker/CVE-2015-1256)\nAtte Kettunen discovered a use-after-free issue in the SVG\n implementation.\n* [CVE-2015-1257](https://security-tracker.debian.org/tracker/CVE-2015-1257)\nmiaubiz discovered an overflow issue in the SVG implementation.\n* [CVE-2015-1258](https://security-tracker.debian.org/tracker/CVE-2015-1258)\ncloudfuzzer discovered an invalid size parameter used in the\n libvpx library.\n* [CVE-2015-1259](https://security-tracker.debian.org/tracker/CVE-2015-1259)\nAtte Kettunen discovered an uninitialized memory issue in the\n pdfium library.\n* [CVE-2015-1260](https://security-tracker.debian.org/tracker/CVE-2015-1260)\nKhalil Zhani discovered multiple use-after-free issues in chromium's\n interface to the WebRTC library.\n* [CVE-2015-1261](https://security-tracker.debian.org/tracker/CVE-2015-1261)\nJuho Nurminen discovered a URL bar spoofing issue.\n* [CVE-2015-1262](https://security-tracker.debian.org/tracker/CVE-2015-1262)\nmiaubiz discovered the use of an uninitialized class member in\n font handling.\n* [CVE-2015-1263](https://security-tracker.debian.org/tracker/CVE-2015-1263)\nMike Ruddy discovered that downloading the spellcheck dictionary\n was not done over HTTPS.\n* [CVE-2015-1264](https://security-tracker.debian.org/tracker/CVE-2015-1264)\nK0r3Ph1L discovered a cross-site scripting issue that could be\n triggered by bookmarking a site.\n* [CVE-2015-1265](https://security-tracker.debian.org/tracker/CVE-2015-1265)\nThe chrome 43 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the libv8 library, version 4.3.61.21.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 43.0.2357.65-1~deb8u1.\n\n\nFor the testing distribution (stretch), these problems will be fixed soon.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 43.0.2357.65-1.\n\n\nWe recommend that you upgrade your chromium-browser packages.\n\n\n", "cvss3": {}, "published": "2015-05-22T00:00:00", "type": "osv", "title": "chromium-browser - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1251", "CVE-2015-1252", "CVE-2015-1253", "CVE-2015-1254", "CVE-2015-1255", "CVE-2015-1256", "CVE-2015-1257", "CVE-2015-1258", "CVE-2015-1259", "CVE-2015-1260", "CVE-2015-1261", "CVE-2015-1262", "CVE-2015-1263", "CVE-2015-1264", "CVE-2015-1265", "CVE-2015-3910"], "modified": "2022-08-10T07:06:46", "id": "OSV:DSA-3267-1", "href": "https://osv.dev/vulnerability/DSA-3267-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
CVE-2015-1261
