CVE-2015-8664
Published 2015-12-24
Priority P349, high, 8.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 5.50% (91.8th percentile)
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | chrome | <= 47.0.2526.80 | — |
CVSS provenance
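| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.3 | CRITICAL | — |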
GHSA
GHSA-gr4r-9v54-jxjh (CVE-2015-6792) [HIGH]: The MIDI subsystem in Google Chrome before 47
ghsa_unreviewed · 2022-05-17 · CVSS 8.8
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.
GHSA
GHSA-4wq5-7mhx-9xh5 (CVE-2015-8664) [CRITICAL]: Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor
ghsa_unreviewed · 2022-05-17 · CVSS 9.8
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.
OSV
oxide-qt vulnerabilities (CVE-2015-6789) [CRITICAL]
osv · 2016-01-11 · CVSS 9.3
A race condition was discovered in the MutationObserver implementation in
Blink. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit this to cause a denial of service
via renderer crash, or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-6789)
An issue was discovered with the page serializer in Blink. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to inject arbitrary script or HTML.
(CVE-2015-6790)
Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of servic
OSV
CVE-2015-6792 [CRITICAL]: The MIDI subsystem in Google Chrome before 47
osv · 2015-12-24 · CVSS 9.8
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.
OSV
CVE-2015-8664 [CRITICAL]: Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor
osv · 2015-12-23 · CVSS 9.8
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.
Ubuntu
Oxide vulnerabilities (CVE-2015-6789) [CRITICAL]
vendor_ubuntu · 2016-01-11 · CVSS 9.3
Title: Oxide vulnerabilities
Summary: Several security issues were fixed in Oxide.
A race condition was discovered in the MutationObserver implementation in
Blink. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit this to cause a denial of service
via renderer crash, or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-6789)
An issue was discovered with the page serializer in Blink. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to inject arbitrary script or HTML.
(CVE-2015-6790)
Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit t
Red Hat
chromium-browser: Use-After-free in MidiHost (CVE-2015-8664, CWE-416) [CRITICAL]
vendor_redhat · 2015-12-23 · CVSS 9.8
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.
Red Hat
chromium-browser: Fixes from internal audits and fuzzing (CVE-2015-6792) [CRITICAL]
vendor_redhat · 2015-12-15 · CVSS 9.8
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.
No detection rules found.
Bugzilla
CVE-2015-8664 [CRITICAL] chromium-browser: Use-After-free in MidiHost
bugzilla · 2015-12-30 · CVSS 9.8
Common Vulnerabilities and Exposures assigned an identifier CVE-2015-8664 to
the following vulnerability:
Name: CVE-2015-8664
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8664
Assigned: 20151223
Reference: CONFIRM:http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html
Reference: CONFIRM:https://code.google.com/p/chromium/issues/detail?id=565023
Reference: CONFIRM:https://code.google.com/p/chromium/issues/detail?id=569486
Reference: CONFIRM:https://codereview.chromium.org/1498903003
Integer overflow in the WebCursor::Deserialize function in
content/common/cursors/webcursor.cc in Google Chrome before
47.0.2526.106 allows remote attackers to cause a denial of service or
possibly have unspecifi
Bugzilla
CVE-2015-6792 [CRITICAL] chromium-browser: Fixes from internal audits and fuzzing
bugzilla · 2015-12-16 · CVSS 9.8
As per chromium upstream security advisory:
The stable channel has been updated to 47.0.2526.106 for Windows, Mac, and Linux.
This update includes 2 security fixes as part of our ongoing internal security work:
[569486] CVE-2015-6792: Fixes from internal audits and fuzzing.
Upstream bug:
https://code.google.com/p/chromium/issues/detail?id=569486
External References:
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html
Discussion:
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2015:2665 https://rhn.redhat.com/errata/RHSA-2015-2665.html
---
As per:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6792
This issue
References
http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_15.html
http://www.securityfocus.com/bid/79686
http://www.securitytracker.com/id/1034491
http://www.ubuntu.com/usn/USN-2860-1
https://code.google.com/p/chromium/issues/detail?id=565023
https://code.google.com/p/chromium/issues/detail?id=569486
https://codereview.chromium.org/1498903003