Google Chrome vulnerabilities
4,008 known vulnerabilities affecting google/chrome.
Total CVEs: 4,008
CISA KEV: 74 (actively exploited)
Public exploits: 63
Exploited in wild: 65
Severity breakdown: CRITICAL 298, HIGH 2025, MEDIUM 1626, LOW 17, UNKNOWN 42
Vulnerabilities
CVE-2015-6779 | MEDIUM | CVSS 4.3 | CWE-264 | ≤ 46.0.2490.86 | 2015-12-06
PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL.
nvd
CVE-2015-6780 | MEDIUM | CVSS 6.8 | ≤ 46.0.2490.86 | 2015-12-06
Use-after-free vulnerability in the Infobars implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site, related to browser/ui/views/website_settings/website_settings_popup_view.cc.
nvd
CVE-2015-6785 | MEDIUM | CVSS 4.3 | CWE-264 | ≤ 46.0.2490.86 | 2015-12-06
The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a polic
nvd
CVE-2015-6784 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 46.0.2490.86 | 2015-12-06
The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafted URL, as demonstrated by an initial http://example.com?-- substring.
nvd
CVE-2015-6782 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 46.0.2490.86 | 2015-12-06
The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site.
nvd
CVE-2015-6776 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 46.0.2490.86 | 2015-12-06
The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during a discrete wavelet transform.
nvd
CVE-2015-1302 | HIGH | CVSS 7.5 | CWE-20 | ≤ 46.0.2490.80 | 2015-11-11
The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc.
nvd
CVE-2015-6760 | HIGH | CVSS 7.5 | CWE-17 | ≤ 45.0.2454.101 | 2015-10-15
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device.
nvd
CVE-2015-7834 | HIGH | CVSS 7.5 | ≤ 45.0.2454.101 | 2015-10-15
Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
nvd
CVE-2015-6762 | HIGH | CVSS 7.5 | CWE-254 | ≤ 45.0.2454.101 | 2015-10-15
The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows remote web servers to bypass the Same Origin Policy via
nvd
CVE-2015-6757 | HIGH | CVSS 7.5 | ≤ 45.0.2454.101 | 2015-10-15
Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback.
nvd
CVE-2015-6763 | HIGH | CVSS 7.5 | PoC | ≤ 45.0.2454.101 | 2015-10-15
Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
nvd
CVE-2015-6755 | HIGH | CVSS 7.5 | CWE-264 | ≤ 45.0.2454.101 | 2015-10-15
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
nvd
CVE-2015-6759 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 45.0.2454.101 | 2015-10-15
The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL.
nvd
CVE-2015-6758 | MEDIUM | CVSS 6.8 | CWE-17 | ≤ 45.0.2454.101 | 2015-10-15
The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
nvd
CVE-2015-6756 | MEDIUM | CVSS 6.8 | ≤ 45.0.2454.101 | 2015-10-15
Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging mishandling of a focused annotation in a PDF document.
nvd
CVE-2015-6761 | MEDIUM | CVSS 6.8 | CWE-362 | ≤ 45.0.2454.101 | 2015-10-15
The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact
nvd
CVE-2015-1304 | HIGH | CVSS 7.5 | CWE-284 | ≤ 45.0.2454.93 | 2015-10-12
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.
nvd
CVE-2015-1303 | HIGH | CVSS 7.5 | CWE-20 | ≤ 45.0.2454.93 | 2015-10-12
bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.
nvd
CVE-2015-1297 | HIGH | CVSS 7.5 | CWE-254 | ≤ 44.0.2403 | 2015-09-03
The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension.
nvd