CVE-2015-1289 : Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow

Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published 2015-07-23 00:59:18

Updated 2018-10-30 16:27:36

Source Google Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-1289

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop Supplementary » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Supplementary » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation Supplementary » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Supplementary Eus » Version: 6.7z
cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*
Matching versions
Google » Chrome
Versions up to, including, (<=) 43.0.2357.134
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-1289

EPSS FAQ

0.59%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-1289

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2015-1289

https://code.google.com/p/chromium/issues/detail?id=512110

512110 - Tracking bug for internal fixes: Chrome M44, release 0 - chromium - Monorail

CVEs referencing this url
https://crbug.com/404462

404462 - Heap-use-after-free in blink::RenderBlockFlow::determineStartPosition - chromium - Monorail
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html

[security-announce] openSUSE-SU-2015:1287-1: important: Security update

CVEs referencing this url
https://crbug.com/492448

492448 - Security: Update NSS to 3.19 - chromium - Monorail
https://crbug.com/471990

471990 - UNKNOWN in CPDF_SampledFunc::v_Call - chromium - Monorail
https://crbug.com/485855

485855 - Heap-use-after-free in /mnt/scratch0/clusterfuzz/slave-bot/builds/chromium-browser-asan_linux-release/r - chromium - Monorail
https://crbug.com/507821

507821 - Send SafeBrowsing ping-backs for additional file types - chromium - Monorail
http://www.debian.org/security/2015/dsa-3315

Debian -- Security Information -- DSA-3315-1 chromium-browser

CVEs referencing this url
https://crbug.com/487286

487286 - Negative-size-param in content::AppCacheUpdateJob::OnDestructionImminent - chromium - Monorail
https://crbug.com/506749

506749 - Heap-use-after-free in crypto::Encryptor::Decrypt - chromium - Monorail
https://crbug.com/484432

484432 - Potential heap overflow in WebRTC's VCMEncodedFrame - chromium - Monorail
https://security.gentoo.org/glsa/201603-09

Chromium: Multiple vulnerabilities (GLSA 201603-09) — Gentoo security

CVEs referencing this url
https://crbug.com/504692

504692 - Heap-use-after-free in views::internal::NativeWidgetPrivate::GetNativeWidgetForNativeView - chromium - Monorail
https://crbug.com/491216

491216 - Make IOBuffer, IOBufferWithSize and ShrinkableIOBufferWithSize resilient against truncation. - chromium - Monorail
https://crbug.com/398235

398235 - Security: possible another uninit memory with jpeg parsing - chromium - Monorail
https://crbug.com/486004

486004 - Heap-use-after-free in base::MessageLoop::PostTask - chromium - Monorail
https://crbug.com/477713

477713 - ASSERTION FAILED: !needsLayout - chromium - Monorail
http://www.securitytracker.com/id/1033031

Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Same-Origin Restrictions, Obtain Potentially Sensitive Information, and Spoof URLs - SecurityTracker

CVEs referencing this url
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html

Chrome Releases: Stable Channel Update
Patch;Vendor Advisory

CVEs referencing this url
https://crbug.com/478575

478575 - Heap-use-after-free in blink::Node::parentOrShadowHostOrTemplateHostNode - chromium - Monorail
http://rhn.redhat.com/errata/RHSA-2015-1499.html

RHSA-2015:1499 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://crbug.com/495682

495682 - Use-of-uninitialized-value in /mnt/scratch0/clusterfuzz/slave-bot/builds/linux_msan_chrome_ipc/custom/msan_ipc - chromium - Monorail
https://crbug.com/401995

401995 - Heap-buffer-overflow in CFX_ByteTextBuf::AppendChar - chromium - Monorail
https://crbug.com/458024

458024 - [qcms] security - stack buffer overread in lut_inverse_interp16 - chromium - Monorail
https://crbug.com/492981

492981 - Heap-use-after-free in blink::HTMLFormElement::item - chromium - Monorail
http://www.securityfocus.com/bid/75973

Google Chrome Prior to 44.0.2403.89 Multiple Security Vulnerabilities

CVEs referencing this url
https://crbug.com/460938

460938 - ASSERTION FAILED: !node || (node->isShadowRoot()) - chromium - Monorail
https://crbug.com/459898

459898 - Heap-use-after-free in CFX_BaseSegmentedArray::Iterate - chromium - Monorail

Jump to

Vulnerability Details : CVE-2015-1289

Products affected by CVE-2015-1289

Exploit prediction scoring system (EPSS) score for CVE-2015-1289

CVSS scores for CVE-2015-1289

References for CVE-2015-1289