CVE-2015-6792 — Use After Free in Google Chrome

CWE-416 — Use After Free10 documents5 sources

Severity

9.8CRITICALNVD

NVD8.8

EPSS

19.7%

top 4.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedDec 24

Latest updateMay 17

Description

The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDgoogle/chrome47.0.2526.80

🔴Vulnerability Details

GHSA

GHSA-gr4r-9v54-jxjh: The MIDI subsystem in Google Chrome before 47↗2022-05-17

▶

GHSA

GHSA-4wq5-7mhx-9xh5: Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor↗2022-05-17

▶

OSV

CVE-2015-6792: The MIDI subsystem in Google Chrome before 47↗2015-12-24

▶

OSV

CVE-2015-8664: Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor↗2015-12-23

▶

📋Vendor Advisories

Red Hat

chromium-browser: Use-After-free in MidiHost↗2015-12-23

▶

Red Hat

chromium-browser: Fixes from internal audits and fuzzing↗2015-12-15

▶

💬Community

Bugzilla

CVE-2015-8664 chromium-browser: Use-After-free in MidiHost↗2015-12-30

▶

Bugzilla

CVE-2015-6792 chromium-browser: Fixes from internal audits and fuzzing↗2015-12-16

▶