Vulnerability Details : CVE-2015-1231
Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Vulnerability category: Denial of service
Products affected by CVE-2015-1231
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1231
0.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1231
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2015-1231
-
https://code.google.com/p/chromium/issues/detail?id=406871
406871 - ASSERTION FAILED: offset + length <= m_length, UNKNOWN in blink::InlineTextBox::constructTextRun - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=453126
453126 - Undefined behavior (bad virtual call) in net/socket/ssl_client_socket_pool.cc - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=451685
451685 - Use-after-poison in blink::callTransactionErrorCallback - chromium - Monorail
-
http://www.ubuntu.com/usn/USN-2521-1
USN-2521-1: Oxide vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://code.google.com/p/chromium/issues/detail?id=433078
433078 - Security: OOB read in dhcpcd - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=451753
451753 - UNKNOWN in DestroyPropertySheetPage+0x4e - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=426762
426762 - Use-of-uninitialized-value in blink::Font::glyphDataAndPageForCharacter - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=459115
459115 - Heap-use-after-free in content::MessagePortService::UpdateMessagePort - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=460145
460145 - Unsafe %GeneratorFuntion% intrinsic cannot be denied - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=445831
445831 - UNKNOWN in SA8_alpha_D32_nofilter_DX - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=449045
449045 - Heap-use-after-free in blink::NavigationScheduler::shouldScheduleNavigation - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=463349
463349 - Tracking bug for internal fixes: Chrome M41, release 0 - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=449049
449049 - Heap-use-after-free in blink::WorkerSharedTimer::setFireInterval - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=438364
438364 - Heap-use-after-free in blink::VectorMath::vadd - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=442756
442756 - Security: Denial of service attack against third-parties using web sockets - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=452455
452455 - Heap-buffer-overflow in CPDF_SampledFunc::v_Call - chromium - Monorail
-
https://security.gentoo.org/glsa/201503-12
Chromium: Multiple vulnerabilities (GLSA 201503-12) — Gentoo security
-
https://code.google.com/p/chromium/issues/detail?id=450653
450653 - UNKNOWN in blink::InlineTextBox::isLineBreak - chromium - Monorail
-
http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=449777
449777 - UNKNOWN in content::WebContentsImpl::OnOpenColorChooser - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=452324
Inloggen - Google Accounts
-
https://code.google.com/p/chromium/issues/detail?id=421499
421499 - Use-of-uninitialized-value in ucase_toupper_52 - chromium - Monorail
-
http://rhn.redhat.com/errata/RHSA-2015-0627.html
RHSA-2015:0627 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://code.google.com/p/chromium/issues/detail?id=439877
439877 - Security: HTML Imports ignores Content-Type and Content-Disposition headers. - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=383777
383777 - ASSERTION FAILED: positionOffset <= node->length() - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=438638
438638 - Use-after-free in blink::AXSpinButton::elementRect - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=451755
451755 - UNKNOWN in content::WebContentsImpl::OnOpenColorChooser - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=448056
448056 - UNKNOWN in content::WebContentsImpl::OnDidStartLoading - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=404300
404300 - Security: Blink inadequately whitelists child frames by name in access checks - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=453994
453994 - Security: GaiaAuthExtension is too powerful and should validate parameter - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=449610
449610 - ZDI-CAN-2662: Google Chrome V8EventListenerList::findOrCreateWrapper Type Confusion Remote Code Execution Vulnerability - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=429379
429379 - Use-of-uninitialized-value in SkPath::arcTo - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=437636
437636 - Bad-cast to blink::AudioNode from invalid vptr;AudioNode.cpp:401:13 - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=429679
429679 - Heap-use-after-free in BookmarkContextMenuController::IsCommandIdEnabled - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=450654
450654 - ASSERTION FAILED: !node || (node->isShadowRoot()) - chromium - Monorail
Jump to