Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:29823
[Eng]
Version
6
Class
patch
ALTXid
178323
Language
Russian
Severity
NotAvailable
Title
Обновление openSUSE-SU-2015:1287-1 -- обновление безопасности для Chromium
Description
Chromium was updated to 44.0.2403.89 to fix multiple security issues
Family
unix
Platform
openSUSE 13.1
openSUSE 13.2
Product
chromium
Reference
VENDOR: openSUSE-SU-2015:1287-1
VENDOR: openSUSE-SU-2015:1287-1
Id:
openSUSE-SU-2015:1287-1
Reference:
https://lists.opensuse.org/opensuse-updates/2015-07/msg00054.html
CVE: CVE-2015-1270
CVE: CVE-2015-1270
Id:
CVE-2015-1270
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270
Comment
: The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
19 (Data Handling)
References:
https://codereview.chromium.org/1157143002/ ()
RHSA-2015:1499 ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://code.google.com/p/chromium/issues/detail?id=444573 ()
DSA-3360 ()
USN-2740-1 ()
GLSA-201603-09 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
https://chromium.googlesource.com/chromium/deps/icu/+/f1ad7f9ba957571dc692ea3e187612c685615e19 ()
DSA-3315 ()
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html ()
CVE: CVE-2015-1271
CVE: CVE-2015-1271
Id:
CVE-2015-1271
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271
Comment
: PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://codereview.chromium.org/1226403008 ()
RHSA-2015:1499 ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://code.google.com/p/chromium/issues/detail?id=446032 ()
GLSA-201603-09 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
CVE: CVE-2015-1272
CVE: CVE-2015-1272
Id:
CVE-2015-1272
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272
Comment
: Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and content/renderer/render_thread_impl.cc.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
https://codereview.chromium.org/1128233004/ ()
RHSA-2015:1499 ()
https://codereview.chromium.org/867553003/ ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://code.google.com/p/chromium/issues/detail?id=451456 ()
GLSA-201603-09 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
CVE: CVE-2015-1273
CVE: CVE-2015-1273
Id:
CVE-2015-1273
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273
Comment
: Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://pdfium.googlesource.com/pdfium/+/cddfde0cddbc8467e0d5fa04c30405ee257750fc ()
RHSA-2015:1499 ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://code.google.com/p/chromium/issues/detail?id=459215 ()
GLSA-201603-09 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
CVE: CVE-2015-1274
CVE: CVE-2015-1274
Id:
CVE-2015-1274
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274
Comment
: Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
254 (Security Features)
References:
RHSA-2015:1499 ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://codereview.chromium.org/1165893004/ ()
https://code.google.com/p/chromium/issues/detail?id=461858 ()
GLSA-201603-09 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
CVE: CVE-2015-1275
CVE: CVE-2015-1275
Id:
CVE-2015-1275
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1275
Comment
: Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTML via a crafted intent: URL, as demonstrated by a trailing alert(document.cookie);// substring, aka "Universal XSS (UXSS)."
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
https://codereview.chromium.org/1059413004/ ()
openSUSE-SU-2015:1287 ()
1033031 ()
GLSA-201603-09 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
https://code.google.com/p/chromium/issues/detail?id=462843 ()
CVE: CVE-2015-1276
CVE: CVE-2015-1276
Id:
CVE-2015-1276
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276
Comment
: Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
CWE-Other ()
References:
https://code.google.com/p/chromium/issues/detail?id=472614 ()
RHSA-2015:1499 ()
openSUSE-SU-2015:1287 ()
1033031 ()
GLSA-201603-09 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
https://codereview.chromium.org/1060613002/ ()
CVE: CVE-2015-1277
CVE: CVE-2015-1277
Id:
CVE-2015-1277
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277
Comment
: Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
https://code.google.com/p/chromium/issues/detail?id=479743 ()
RHSA-2015:1499 ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://codereview.chromium.org/1144363004/ ()
GLSA-201603-09 ()
https://codereview.chromium.org/1151393006/ ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
CVE: CVE-2015-1278
CVE: CVE-2015-1278
Id:
CVE-2015-1278
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278
Comment
: content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
254 (Security Features)
References:
RHSA-2015:1499 ()
https://codereview.chromium.org/1156663004/ ()
openSUSE-SU-2015:1287 ()
1033031 ()
GLSA-201603-09 ()
https://codereview.chromium.org/1150843002/ ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
https://code.google.com/p/chromium/issues/detail?id=482380 ()
DSA-3315 ()
CVE: CVE-2015-1279
CVE: CVE-2015-1279
Id:
CVE-2015-1279
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279
Comment
: Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via large height and stride values.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
189 (Numeric Errors)
References:
RHSA-2015:1499 ()
https://codereview.chromium.org/1241493002 ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://code.google.com/p/chromium/issues/detail?id=483981 ()
GLSA-201603-09 ()
75973 ()
https://codereview.chromium.org/1237723002 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
CVE: CVE-2015-1280
CVE: CVE-2015-1280
Id:
CVE-2015-1280
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280
Comment
: SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
RHSA-2015:1499 ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://codereview.chromium.org/1151663002 ()
https://code.google.com/p/chromium/issues/detail?id=486947 ()
GLSA-201603-09 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
CVE: CVE-2015-1281
CVE: CVE-2015-1281
Id:
CVE-2015-1281
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281
Comment
: core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
254 (Security Features)
References:
RHSA-2015:1499 ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://src.chromium.org/viewvc/blink?revision=196071&view=revision ()
https://code.google.com/p/chromium/issues/detail?id=487155 ()
GLSA-201603-09 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
CVE: CVE-2015-1282
CVE: CVE-2015-1282
Id:
CVE-2015-1282
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282
Comment
: Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to the (1) Document::delay and (2) Document::DoFieldDelay functions.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
https://pdfium.googlesource.com/pdfium/+/4ff7a4246c81a71b4f878e959b3ca304cd76ec8a ()
RHSA-2015:1499 ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://code.google.com/p/chromium/issues/detail?id=487928 ()
GLSA-201603-09 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
CVE: CVE-2015-1283
CVE: CVE-2015-1283
Id:
CVE-2015-1283
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283
Comment
: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
190 (Integer Overflow or Wraparound)
References:
https://www.tenable.com/security/tns-2016-20 ()
RHSA-2015:1499 ()
https://code.google.com/p/chromium/issues/detail?id=492052 ()
openSUSE-SU-2016:1523 ()
openSUSE-SU-2015:1287 ()
1033031 ()
DSA-3318 ()
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html ()
SUSE-SU-2016:1508 ()
GLSA-201701-21 ()
https://source.android.com/security/bulletin/2016-11-01.html ()
GLSA-201603-09 ()
SUSE-SU-2016:1512 ()
https://codereview.chromium.org/1224303003 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
USN-2726-1 ()
openSUSE-SU-2016:1441 ()
DSA-3315 ()
https://kc.mcafee.com/corporate/index?page=content&id=SB10365 ()
CVE: CVE-2015-1284
CVE: CVE-2015-1284
Id:
CVE-2015-1284
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284
Comment
: The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
20 (Improper Input Validation)
References:
RHSA-2015:1499 ()
openSUSE-SU-2015:1287 ()
1033031 ()
GLSA-201603-09 ()
https://code.google.com/p/chromium/issues/detail?id=493243 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
https://src.chromium.org/viewvc/blink?revision=197139&view=revision ()
CVE: CVE-2015-1285
CVE: CVE-2015-1285
Id:
CVE-2015-1285
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285
Comment
: The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://code.google.com/p/chromium/issues/detail?id=498982 ()
RHSA-2015:1499 ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://src.chromium.org/viewvc/blink?revision=196971&view=revision ()
GLSA-201603-09 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
CVE: CVE-2015-1286
CVE: CVE-2015-1286
Id:
CVE-2015-1286
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286
Comment
: Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE:
79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
RHSA-2015:1499 ()
https://codereview.chromium.org/1235863003/ ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://code.google.com/p/chromium/issues/detail?id=504011 ()
GLSA-201603-09 ()
https://codereview.chromium.org/1231803002/ ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
CVE: CVE-2015-1287
CVE: CVE-2015-1287
Id:
CVE-2015-1287
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287
Comment
: Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE:
17 (Code)
References:
RHSA-2015:1499 ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://src.chromium.org/viewvc/blink?revision=195266&view=revision ()
GLSA-201603-09 ()
https://code.google.com/p/chromium/issues/detail?id=419383 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
CVE: CVE-2015-1288
CVE: CVE-2015-1288
Id:
CVE-2015-1288
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288
Comment
: The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related issue to CVE-2015-1263.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
17 (Code)
References:
RHSA-2015:1499 ()
https://codereview.chromium.org/1056103005 ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://code.google.com/p/chromium/issues/detail?id=479162 ()
GLSA-201603-09 ()
75973 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
DSA-3315 ()
CVE: CVE-2015-1289
CVE: CVE-2015-1289
Id:
CVE-2015-1289
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289
Comment
: Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
https://code.google.com/p/chromium/issues/detail?id=512110 ()
https://crbug.com/506749 ()
https://crbug.com/495682 ()
RHSA-2015:1499 ()
https://crbug.com/471990 ()
https://crbug.com/458024 ()
https://crbug.com/459898 ()
https://crbug.com/404462 ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://crbug.com/477713 ()
https://crbug.com/487286 ()
https://crbug.com/484432 ()
https://crbug.com/485855 ()
https://crbug.com/486004 ()
https://crbug.com/398235 ()
https://crbug.com/507821 ()
GLSA-201603-09 ()
https://crbug.com/504692 ()
https://crbug.com/491216 ()
https://crbug.com/478575 ()
75973 ()
https://crbug.com/401995 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
https://crbug.com/492981 ()
https://crbug.com/460938 ()
DSA-3315 ()
https://crbug.com/492448 ()
CVE: CVE-2015-5605
CVE: CVE-2015-5605
Id:
CVE-2015-5605
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5605
Comment
: The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE:
17 (Code)
References:
https://code.google.com/p/chromium/issues/detail?id=512110 ()
76007 ()
https://chromium.googlesource.com/v8/v8.git/+/c67cb287a901ddf03d4ae4dafcf431d09fd3e22c ()
RHSA-2015:1499 ()
openSUSE-SU-2015:1287 ()
1033031 ()
https://code.google.com/p/chromium/issues/detail?id=469480 ()
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html ()
Content available only for registered users!
ovaldb@altx-soft.com