CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Chrome : Security Vulnerabilities Published In 2015

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-8664 189 DoS Overflow 2015-12-23 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.
2 CVE-2015-8548 DoS 2015-12-14 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478.
3 CVE-2015-8480 119 DoS Overflow 2015-12-05 2015-12-07
10.0
None Remote Low Not required Complete Complete Complete
The VideoFramePool::PoolImpl::CreateFrame function in media/base/video_frame_pool.cc in Google Chrome before 47.0.2526.73 does not initialize memory for a video-frame data structure, which might allow remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact by leveraging improper interaction with the vp3_h_loop_filter_c function in libavcodec/vp3dsp.c in FFmpeg.
4 CVE-2015-8479 119 DoS Overflow Mem. Corr. 2015-12-05 2015-12-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device.cc in Google Chrome before 47.0.2526.73 allows attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering access to an unauthorized audio output device.
5 CVE-2015-8478 DoS 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.73, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
6 CVE-2015-7834 DoS 2015-10-15 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
7 CVE-2015-6792 DoS Exec Code 2015-12-23 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manager.cc, midi_manager_alsa.cc, and midi_manager_mac.cc, a different vulnerability than CVE-2015-8664.
8 CVE-2015-6791 DoS 2015-12-14 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
9 CVE-2015-6790 20 2015-12-14 2016-12-07
4.3
None Remote Medium Not required None Partial None
The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string.
10 CVE-2015-6789 362 DoS 2015-12-14 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion.
11 CVE-2015-6788 DoS 2015-12-14 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
12 CVE-2015-6787 DoS 2015-12-05 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
13 CVE-2015-6786 264 Bypass 2015-12-05 2016-12-07
4.3
None Remote Medium Not required None Partial None
The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a * pattern, which allows remote attackers to bypass intended scheme restrictions in opportunistic circumstances by leveraging a policy that relies on this pattern.
14 CVE-2015-6785 264 Bypass 2015-12-05 2016-12-07
4.3
None Remote Medium Not required None Partial None
The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a policy that was intended to be specific to subdomains.
15 CVE-2015-6784 20 2015-12-05 2016-12-07
4.3
None Remote Medium Not required None Partial None
The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafted URL, as demonstrated by an initial http://example.com?-- substring.
16 CVE-2015-6782 20 2015-12-05 2016-12-07
4.3
None Remote Medium Not required None Partial None
The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof Omnibox content via a crafted web site.
17 CVE-2015-6781 189 DoS Overflow 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the FontData::Bound function in data/font_data.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted offset or length value within font data in an SFNT container.
18 CVE-2015-6780 DoS 2015-12-05 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the Infobars implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site, related to browser/ui/views/website_settings/website_settings_popup_view.cc.
19 CVE-2015-6779 264 Bypass 2015-12-05 2016-12-07
4.3
None Remote Medium Not required None Partial None
PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL.
20 CVE-2015-6778 119 DoS Overflow 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a PDF document containing crafted data with JBIG2 compression.
21 CVE-2015-6777 DoS 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the ContainerNode::notifyNodeInsertedInternal function in WebKit/Source/core/dom/ContainerNode.cpp in the DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOMCharacterDataModified events for certain detached-subtree insertions.
22 CVE-2015-6776 119 DoS Overflow 2015-12-05 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during a discrete wavelet transform.
23 CVE-2015-6775 DoS 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
24 CVE-2015-6774 DoS 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that modifies a pointer used for reporting loadTimes data.
25 CVE-2015-6773 119 DoS Overflow 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The convolution implementation in Skia, as used in Google Chrome before 47.0.2526.73, does not properly constrain row lengths, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted graphics data.
26 CVE-2015-6772 264 Bypass 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin.
27 CVE-2015-6771 119 DoS Overflow 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.
28 CVE-2015-6770 264 Bypass 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768.
29 CVE-2015-6769 264 Bypass 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveraging a delay in window proxy clearing.
30 CVE-2015-6768 264 Bypass 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770.
31 CVE-2015-6767 DoS 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in content/browser/appcache/appcache_dispatcher_host.cc in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect pointer maintenance associated with certain callbacks.
32 CVE-2015-6766 DoS 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers with renderer access to cause a denial of service or possibly have unspecified other impact by leveraging incorrect AppCacheUpdateJob behavior associated with duplicate cache selection.
33 CVE-2015-6765 DoS Exec Code 2015-12-05 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in content/browser/appcache/appcache_update_job.cc in Google Chrome before 47.0.2526.73 allows remote attackers to execute arbitrary code or cause a denial of service by leveraging the mishandling of AppCache update jobs.
34 CVE-2015-6764 119 DoS Overflow 2015-12-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.
35 CVE-2015-6763 DoS 2015-10-15 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
36 CVE-2015-6762 254 Bypass 2015-10-15 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows remote web servers to bypass the Same Origin Policy via a redirect.
37 CVE-2015-6761 362 DoS Mem. Corr. 2015-10-15 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file.
38 CVE-2015-6760 17 DoS 2015-10-15 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device.
39 CVE-2015-6759 200 +Info 2015-10-15 2016-12-23
5.0
None Remote Low Not required Partial None None
The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL.
40 CVE-2015-6758 17 DoS 2015-10-15 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
41 CVE-2015-6757 DoS 2015-10-15 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback.
42 CVE-2015-6756 DoS Mem. Corr. 2015-10-15 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging mishandling of a focused annotation in a PDF document.
43 CVE-2015-6755 264 Bypass 2015-10-15 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
44 CVE-2015-6583 254 2015-09-03 2016-12-21
4.3
None Remote Medium Not required None Partial None
Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc.
45 CVE-2015-6582 254 DoS 2015-09-03 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site.
46 CVE-2015-6581 DoS Exec Code Mem. Corr. 2015-09-03 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.
47 CVE-2015-6580 DoS 2015-09-03 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
48 CVE-2015-5605 17 DoS Overflow 2015-07-22 2015-08-26
5.0
None Remote Low Not required None None Partial
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message.
49 CVE-2015-4000 310 2015-05-20 2016-12-30
4.3
None Remote Medium Not required None Partial None
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
50 CVE-2015-3910 DoS 2015-05-20 2016-12-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Total number of vulnerabilities : 187   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.