Google Chrome vulnerabilities

4,008 known vulnerabilities affecting google/chrome.

Total CVEs: 4,008
CISA KEV: 74 (actively exploited)
Public exploits: 64
Exploited in wild: 65
Severity breakdown: CRITICAL 298, HIGH 2025, MEDIUM 1626, LOW 17, UNKNOWN 42

Vulnerabilities

Page 145 of 201
CVE-2015-1289 | HIGH | CVSS 7.5 | ≤ 43.0.2357.134 | 2015-07-23
Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
nvd
CVE-2015-1273 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 43.0.2357.134 | 2015-07-23
Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.
nvd
CVE-2015-5605 | MEDIUM | CVSS 5.0 | CWE-17 | ≤ 43.0.2357.134 | 2015-07-23
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message.
nvd
CVE-2015-1275 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 43.0.2357.134 | 2015-07-23
Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka "Universal XSS (UXSS)."
nvd
CVE-2015-1286 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 43.0.2357.134 | 2015-07-23
Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."
nvd
CVE-2015-1288 | MEDIUM | CVSS 6.8 | ≤ 43.0.2357.134 | 2015-07-23
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.
nvd
CVE-2015-1274 | MEDIUM | CVSS 6.8 | CWE-254 | ≤ 43.0.2357.134 | 2015-07-23
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.
nvd
CVE-2015-1283 | MEDIUM | CVSS 6.8 | CWE-190 | ≤ 43.0.2357.134 | 2015-07-23
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
nvd
CVE-2015-1282 | MEDIUM | CVSS 6.8 | ≤ 43.0.2357.134 | 2015-07-23
Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions.
nvd
CVE-2015-1281 | MEDIUM | CVSS 4.3 | CWE-254 | ≤ 43.0.2357.134 | 2015-07-23
core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source.
nvd
CVE-2015-1278 | MEDIUM | CVSS 4.3 | CWE-254 | ≤ 43.0.2357.134 | 2015-07-23
content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document.
nvd
CVE-2015-1271 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 43.0.2357.134 | 2015-07-23
PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation.
nvd
CVE-2015-1285 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 43.0.2357.134 | 2015-07-23
The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack.
nvd
CVE-2015-1270 | MEDIUM | CVSS 6.8 | CWE-19 | ≤ 43.0.2357.134 | 2015-07-23
The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted f
nvd
CVE-2015-1287 | MEDIUM | CVSS 4.3 | CWE-17 | ≤ 43.0.2357.134 | 2015-07-23
Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp.
nvd
CVE-2015-1269 | MEDIUM | CVSS 4.3 | CWE-254 | ≤ 43.0.2357.81 | 2015-06-26
The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not enti
nvd
CVE-2015-1267 | MEDIUM | CVSS 5.0 | CWE-254 | ≤ 43.0.2357.81 | 2015-06-26
Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFileSystem.cpp.
nvd
CVE-2015-1268 | MEDIUM | CVSS 5.0 | CWE-254 | ≤ 43.0.2357.81 | 2015-06-26
bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL.
nvd
CVE-2015-1266 | MEDIUM | CVSS 5.0 | CWE-254 | ≤ 43.0.2357.81 | 2015-06-26
content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI c
nvd
CVE-2015-1252 | HIGH | CVSS 7.5 | CWE-119 | ≤ 42.0.2311.152 | 2015-05-20
common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCir
nvd