CVE-2015-1234 — Race Condition in Google Chrome

CWE-362 — Race Condition CWE-122 — Heap-based Buffer Overflow9 documents7 sources

Severity

6.8MEDIUMNVD

OSV7.5

EPSS

3.2%

top 13.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedApr 1

Latest updateMay 13

Description

Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDgoogle/chrome41.0.2272.102

🔴Vulnerability Details

GHSA

GHSA-9w5w-83r2-23xw: Race condition in gpu/command_buffer/service/gles2_cmd_decoder↗2022-05-13

▶

OSV

oxide-qt vulnerabilities↗2015-04-07

▶

OSV

CVE-2015-1234: Race condition in gpu/command_buffer/service/gles2_cmd_decoder↗2015-04-01

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2015-04-07

▶

Red Hat

chromium-browser: buffer overflow via race condition in GPU↗2015-04-02

▶

📄Research Papers

arXiv

SOK: On the Analysis of Web Browser Security↗2021-12-31

▶

arXiv

Rethinking Misalignment to Raise the Bar for Heap Pointer Corruption↗2018-08-08

▶

💬Community

Bugzilla

CVE-2015-1234 chromium-browser: buffer overflow via race condition in GPU↗2015-04-02

▶