Google Chrome vulnerabilities

CVE-2015-1295 [HIGH] CVE-2015-1295: Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/rende Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by mes

CVE-2015-1301 [HIGH] CVE-2015-1301: Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2015-1293 [HIGH] CWE-264 CVE-2015-1293: The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attacke The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVE-2015-6580 [HIGH] CVE-2015-6580: Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2015-6581 [HIGH] CVE-2015-6581: Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJP Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.

CVE-2015-1294 [HIGH] CVE-2015-1294: Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Ski Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation.

CVE-2015-1299 [HIGH] CVE-2015-1299: Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome b Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp.

CVE-2015-1291 [MEDIUM] CWE-264 CVE-2015-1291: The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Goo The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements.

CVE-2015-1296 [MEDIUM] CWE-254 CVE-2015-1296: The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0 The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations fo

CVE-2015-6583 [MEDIUM] CWE-254 CVE-2015-6583: Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after na Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc.

CVE-2015-1300 [MEDIUM] CWE-254 CVE-2015-1300: The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a hist

CVE-2015-1298 [MEDIUM] CWE-254 CVE-2015-1298: The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_ap The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninsta

CVE-2015-6582 [MEDIUM] CWE-254 CVE-2015-6582: The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google C The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site

CVE-2015-1292 [MEDIUM] CWE-264 CVE-2015-1292: The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker. The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker.

CVE-2015-1276 [CRITICAL] CVE-2015-1276: Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the Indexe Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.

CVE-2015-1284 [HIGH] CWE-20 CVE-2015-1284: The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrom The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code

CVE-2015-1279 [HIGH] CWE-189 CVE-2015-1279: Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values.

CVE-2015-1277 [HIGH] CVE-2015-1277: Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.8 Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.

CVE-2015-1272 [HIGH] CVE-2015-1272: Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and

CVE-2015-1280 [HIGH] CWE-119 CVE-2015-1280: SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers t SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.