CVE-2015-1205 — Improper Access Control in Google Chrome

CWE-284 — Improper Access Control CWE-264 CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer25 documents6 sources

Severity

7.5HIGHNVD

NVD6.8NVD4.6NVD4.3OSV6.8

EPSS

1.0%

top 23.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Chromium Google Chrome Canonical Ubuntu Linux

Timeline

PublishedJan 22

Latest updateMay 17

Description

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDgoogle/chrome40.0.2214.85

▶NVDchromium/chromium40.0.2214.94

Also affects: Ubuntu Linux 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-8rg6-4v99-qp5v: platform/image-decoders/ImageFrame↗2022-05-17

▶

GHSA

GHSA-mf42-wf93-6v66: Use-after-free vulnerability in PDFium, as used in Google Chrome before 40↗2022-05-17

▶

GHSA

GHSA-7352-jw4q-788p: Multiple unspecified vulnerabilities in Google Chrome before 40↗2022-05-17

▶

GHSA

GHSA-84hc-7w5w-q3hv: Multiple off-by-one errors in fpdfapi/fpdf_font/font_int↗2022-05-17

▶

GHSA

GHSA-jq3p-55hr-jqv2: Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distrib↗2022-05-17

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2015-01-26

▶

Red Hat

chromium-browser: multiple unspecified vulnerabilities↗2015-01-21

▶

💬Community

Bugzilla

CVE-2016-2150 spice: Host memory access from guest with invalid primary surface parameters↗2016-03-01

▶

Bugzilla

CVE-2014-9654 icu: insufficient size limit checks in regular expression compiler↗2015-02-06

▶

Bugzilla

CVE-2015-1205 chromium-browser: multiple unspecified vulnerabilities↗2015-01-23

▶