HomePentest-Tools.com Logo

Google Chrome Multiple Vulnerabilities-01 July15 (Windows) CVE-2015-1271CVE-2015-1273CVE-2015-1274CVE-2015-1276CVE-2015-1279CVE-2015-1280CVE-2015-1281CVE-2015-1282CVE-2015-1283CVE-2015-1284CVE-2015-1286CVE-2015-1287CVE-2015-1270CVE-2015-1272CVE-2015-1277CVE-2015-1278CVE-2015-1285CVE-2015-1288CVE-2015-1289CVE-2015-5605CVE-2015-1290

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Google Chrome is prone to multiple vulnerabilities.

Risk description

Multiple flaws are due to: - Multiple heap based buffer-overflow in pdfium. - An error which allows executable files to run immediately after download. - A use-after-free error in IndexedDB. - A memory corruption error in skia. - An error allowing content security policy (CSP) bypass. - A use-after-free error in pdfium. - A heap based buffer-overflow in expat. - A use-after-free error in blink. - Universal cross-site scripting (UXSS) error in blink. - An error in cascading style sheets (CSS) allowing to bypass same origin policy. - Uninitialized memory read error in ICU. - A use-after-free error related to unexpected GPU process termination. - A use-after-free error in accessibility. - An error leading to URL spoofing using pdf files. - An error leading to information leak in XSS auditor. - An error allowing spell checking dictionaries to be fetched over HTTP. - The regular-expression implementation in Google V8 mishandles interrupts. - Various other unspecified errors. Successful exploitation will allow remote attackers to bypass security restrictions, cause a denial of service condition or potentially execute arbitrary code, conduct spoofing attack, gain sensitive information and other unspecified impacts.

Recommendation

Upgrade to Google Chrome version 44.0.2403.89 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jul 23, 2015
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available