CVE-2015-6787
published 2015-12-06
CVE-2015-6787: Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via…
Priority P346 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 8.12% (94.1th percentile)
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Affected
1 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | chrome | <= 46.0.2490.86 | — |
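CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 10.0 | CRITICAL | |
| vendor_redhat | | 10.0 | CRITICAL | |
| vendor_ubuntu | | 10.0 | CRITICAL | |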
GHSA
GHSA-5p9h-vcjc-336q: Multiple unspecified vulnerabilities in Google Chrome before 47
ghsa_unreviewed·2022-05-17
CVE-2015-6787 [HIGH] GHSA-5p9h-vcjc-336q: Multiple unspecified vulnerabilities in Google Chrome before 47
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
OSV
oxide-qt vulnerabilities
osv·2015-12-10·CVSS 10.0
CVE-2015-6765 [CRITICAL] oxide-qt vulnerabilities
oxide-qt vulnerabilities
Multiple use-after-free bugs were discovered in the application cache
implementation in Chromium. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking the program. (CVE-2015-6765,
CVE-2015-6766, CVE-2015-6767)
Several security issues were discovered in the DOM implementation in
Chromium. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to bypass same
origin restrictions. (CVE-2015-6768, CVE-2015-6770)
A security issue was discovered in the provisional-load commit
implementation in Chromium. If a user were tricked in to opening a
OSV
CVE-2015-6787: Multiple unspecified vulnerabilities in Google Chrome before 47
osv·2015-12-05·CVSS 10.0
CVE-2015-6787 [CRITICAL] CVE-2015-6787: Multiple unspecified vulnerabilities in Google Chrome before 47
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Ubuntu
Oxide vulnerabilities
vendor_ubuntu·2015-12-10·CVSS 10.0
CVE-2015-6765 [CRITICAL] Oxide vulnerabilities
Title: Oxide vulnerabilities
Summary: Several security issues were fixed in Oxide.
Multiple use-after-free bugs were discovered in the application cache
implementation in Chromium. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking the program. (CVE-2015-6765,
CVE-2015-6766, CVE-2015-6767)
Several security issues were discovered in the DOM implementation in
Chromium. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to bypass same
origin restrictions. (CVE-2015-6768, CVE-2015-6770)
A security issue was discovered in the provisional-load commit
implemen
Red Hat
chromium-browser: Various fixes from internal audits
vendor_redhat·2015-12-01·CVSS 10.0
CVE-2015-6787 [CRITICAL] chromium-browser: Various fixes from internal audits
chromium-browser: Various fixes from internal audits
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
No detection rules found.
Exploit-DB
pdfium - CPDF_Function::Call Stack Buffer Overflow
exploitdb·2016-01-04
CVE-2015-6787 pdfium - CPDF_Function::Call Stack Buffer Overflow
pdfium - CPDF_Function::Call Stack Buffer Overflow
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=612
The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing:
--- cut ---
$ ./pdfium_test asan_stack-oob_b9a750_1372_52559cc9c86b4bc0fb43218c7f69c5c8
Rendering PDF file asan_stack-oob_b9a750_1372_52559cc9c86b4bc0fb43218c7f69c5c8.
Non-linearized path...
==22207==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc8b7edb84 at pc 0x000000d6f064 bp 0x7ffc8b7ed8c0 sp 0x7ffc8b7ed8b8
READ of size 4 at 0x7ffc8b7edb84 thread T0
#0 0xd6f063 in CPDF_Function::Call(float*, int, float*, int&) const core/src/fpdfapi/fpdf_page/fpdf_page_func.cpp:896:9
#1 0xd6ecd2 in CPDF_StitchFunc::v_Call(float*, float*) const core/src/fpdfap
Exploit-DB
pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read
exploitdb·2016-01-04
CVE-2015-6787 pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read
pdfium - CPDF_TextObject::CalcPositionData Heap Out-of-Bounds Read
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=623
The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing:
--- cut ---
$ ./pdfium_test asan_heap-oob_b4a7e0_7134_a91748c99d169425fc39c76197d7cd74
Rendering PDF file asan_heap-oob_b4a7e0_7134_a91748c99d169425fc39c76197d7cd74.
Non-linearized path...
==27153==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000794c at pc 0x000000cfaaef bp 0x7ffd89a11070 sp 0x7ffd89a11068
READ of size 4 at 0x60700000794c thread T0
#0 0xcfaaee in CPDF_TextObject::CalcPositionData(float*, float*, float, int) core/src/fpdfapi/fpdf_page/fpdf_page.cpp:411:17
#1 0xda18a4 in CPDF_StreamContentParser::AddTextObject(CFX
Exploit-DB
pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read
exploitdb·2016-01-04
CVE-2015-6787 pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read
pdfium - CPDF_DIBSource::DownSampleScanline32Bit Heap Out-of-Bounds Read
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=625
The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing:
--- cut ---
$ ./pdfium_test asan_heap-oob_d08cef_3699_8361562cacee739a7c6cb31eea735eb6
Rendering PDF file asan_heap-oob_d08cef_3699_8361562cacee739a7c6cb31eea735eb6.
Non-linearized path...
==28672==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61800000f7b2 at pc 0x000000ed2cac bp 0x7ffea0af5970 sp 0x7ffea0af5968
READ of size 1 at 0x61800000f7b2 thread T0
#0 0xed2cab in CPDF_DIBSource::DownSampleScanline32Bit(int, int, unsigned int, unsigned char const*, unsigned char*, int, int, int, int) const core/src/fpdfapi/fpdf_render/fpdf_
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html
http://www.securitytracker.com/id/1034298
http://www.ubuntu.com/usn/USN-2825-1
https://code.google.com/p/chromium/issues/detail?id=525330
https://code.google.com/p/chromium/issues/detail?id=526286
https://code.google.com/p/chromium/issues/detail?id=526441
https://code.google.com/p/chromium/issues/detail?id=529554
https://code.google.com/p/chromium/issues/detail?id=534621
https://code.google.com/p/chromium/issues/detail?id=537823
https://code.google.com/p/chromium/issues/detail?id=540949
https://code.google.com/p/chromium/issues/detail?id=545173
https://code.google.com/p/chromium/issues/detail?id=551460
https://code.google.com/p/chromium/issues/detail?id=551503
https://code.google.com/p/chromium/issues/detail?id=552046
https://code.google.com/p/chromium/issues/detail?id=554115
https://code.google.com/p/chromium/issues/detail?id=554151
https://code.google.com/p/chromium/issues/detail?id=563930
https://security.gentoo.org/glsa/201603-09
https://www.exploit-db.com/exploits/39162/
https://www.exploit-db.com/exploits/39163/
https://www.exploit-db.com/exploits/39165/
Published 2015-12-06