Google Chrome vulnerabilities

CVE-2015-1213 [HIGH] CWE-119 CVE-2015-1213: The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.

CVE-2015-1221 [HIGH] CVE-2015-1221: Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote a Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's main thread, related to the shutdown function in web/WebKit.cpp.

CVE-2015-1217 [HIGH] CWE-17 CVE-2015-1217: The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

CVE-2015-1215 [HIGH] CWE-119 CVE-2015-1215: The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote atta The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.

CVE-2015-1228 [HIGH] CWE-399 CVE-2015-1228: The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in G The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impac

CVE-2015-1231 [HIGH] CVE-2015-1231: Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2015-1219 [HIGH] CWE-189 CVE-2015-1219: Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering.

CVE-2015-1218 [HIGH] CVE-2015-1218: Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents, related to (1) the HTMLScriptElement::didMoveToNewDocument function i

CVE-2015-1222 [HIGH] CVE-2015-1222: Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a ServiceWorkerContextWrapper::DeleteAndStartOve

CVE-2015-1214 [HIGH] CWE-190 CVE-2015-1214: Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters im Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bound

CVE-2015-2238 [HIGH] CVE-2015-2238: Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 4 Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2015-1230 [HIGH] CVE-2015-1230: The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that adds an AudioContext event listener and triggers "type conf

CVE-2015-1220 [MEDIUM] CVE-2015-1220: Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gi Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image.

CVE-2015-2239 [MEDIUM] CVE-2015-2239: Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider th Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address bar for a search-results page by leveraging (1) a compromised search engine or (2) an XSS vulnerability in

CVE-2015-1226 [MEDIUM] CWE-264 CVE-2015-1226: The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in G The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.

CVE-2015-1224 [MEDIUM] CWE-17 CVE-2015-1224: The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder impl The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted VPx video data.

CVE-2011-5319 [MEDIUM] CWE-264 CVE-2011-5319: content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 doe content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231.

CVE-2015-1229 [MEDIUM] CWE-19 CVE-2015-1229: net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.

CVE-2015-1225 [MEDIUM] CWE-119 CVE-2015-1225: PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of s PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2014-9689 [MEDIUM] CWE-264 CVE-2014-9689: content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.7 content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that listens for ondeviceorientation events, a different vul