Google Chrome vulnerabilities

4,008 known vulnerabilities affecting google/chrome.

Total CVEs: 4,008
CISA KEV: 74 (actively exploited)
Public exploits: 64
Exploited in wild: 65
Severity breakdown: CRITICAL 298, HIGH 2025, MEDIUM 1626, LOW 17, UNKNOWN 42

Vulnerabilities

CVE-2015-3333 | HIGH | CVSS 7.5 | ≤ 42.0.2311.60 | 2015-04-19 | source: nvd
Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-1249 | HIGH | CVSS 7.5 | ≤ 42.0.2311.60 | 2015-04-19 | source: nvd
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-3335 | HIGH | CVSS 7.5 | CWE-264 | ≤ 42.0.2311.60 | 2015-04-19 | source: nvd
The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct row-hammer attacks or have unspecified other impact by lev
CVE-2015-1247 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 42.0.2311.60 | 2015-04-19 | source: nvd
The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site.
CVE-2015-3336 | MEDIUM | CVSS 4.3 | CWE-264 | ≤ 42.0.2311.60 | 2015-04-19 | source: nvd
Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and reques
CVE-2015-1246 | MEDIUM | CVSS 5.0 | CWE-119 | ≤ 42.0.2311.60 | 2015-04-19 | source: nvd
Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2015-1240 | MEDIUM | CVSS 5.0 | CWE-119 | ≤ 42.0.2311.60 | 2015-04-19 | source: nvd
gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.
CVE-2015-1241 | MEDIUM | CVSS 4.3 | CWE-1021 | fixed in 42.0.2311.90 | 2015-04-19 | source: nvd
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.
CVE-2015-1244 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 42.0.2311.60 | 2015-04-19 | source: nvd
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.
CVE-2015-1235 | MEDIUM | CVSS 5.0 | CWE-264 | ≤ 42.0.2311.60 | 2015-04-19 | source: nvd
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.
CVE-2015-3334 | MEDIUM | CVSS 4.3 | CWE-17 | ≤ 42.0.2311.60 | 2015-04-19 | source: nvd
browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a cr
CVE-2015-1236 | MEDIUM | CVSS 4.3 | CWE-264 | ≤ 42.0.2311.60 | 2015-04-19 | source: nvd
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.
CVE-2015-1245 | MEDIUM | CVSS 6.8 | ≤ 41.0.2272.74 | 2015-04-19 | source: nvd
Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium "Open PDF in
CVE-2015-1248 | MEDIUM | CVSS 4.3 | CWE-264 | ≤ 40.0.2214.85 | 2015-04-19 | source: nvd
The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.
CVE-2015-1233 | HIGH | CVSS 7.5 | CWE-17 | ≤ 41.0.2272.102 | 2015-04-01 | source: nvd
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-1234 | MEDIUM | CVSS 6.8 | CWE-362 | ≤ 41.0.2272.102 | 2015-04-01 | source: nvd
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands.
CVE-2015-1223 | HIGH | CVSS 7.5 | ≤ 40.0.2214.115 | 2015-03-09 | source: nvd
Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change events, as demonstrated by events for invalid input or input to read-on
CVE-2015-1232 | HIGH | CVSS 7.5 | ≤ 40.0.2214.115 | 2015-03-09 | source: nvd
Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vul
CVE-2015-1216 | HIGH | CVSS 7.5 | ≤ 40.0.2214.115 | 2015-03-09 | source: nvd
Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a frame detachment.
CVE-2015-1227 | HIGH | CVSS 7.5 | CWE-399 | ≤ 40.0.2214.115 | 2015-03-09 | source: nvd
The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which the default orientation cannot be used.