Filtered by vendor Google
Subscriptions
Total
12114 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-6789 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion. | ||||
CVE-2015-6781 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Integer overflow in the FontData::Bound function in data/font_data.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted offset or length value within font data in an SFNT container. | ||||
CVE-2015-6787 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
CVE-2015-6766 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Use-after-free vulnerability in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers with renderer access to cause a denial of service or possibly have unspecified other impact by leveraging incorrect AppCacheUpdateJob behavior associated with duplicate cache selection. | ||||
CVE-2015-6784 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafted URL, as demonstrated by an initial http://example.com?-- substring. | ||||
CVE-2015-6762 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows remote web servers to bypass the Same Origin Policy via a redirect. | ||||
CVE-2015-6779 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL. | ||||
CVE-2015-6757 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback. | ||||
CVE-2015-6768 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770. | ||||
CVE-2015-6776 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during a discrete wavelet transform. | ||||
CVE-2015-6775 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | ||||
CVE-2015-6761 | 3 Ffmpeg, Google, Redhat | 3 Ffmpeg, Chrome, Rhel Extras | 2024-08-06 | N/A |
The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file. | ||||
CVE-2015-6791 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
CVE-2015-6772 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin. | ||||
CVE-2015-6639 | 1 Google | 1 Android | 2024-08-06 | N/A |
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. | ||||
CVE-2015-6778 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a PDF document containing crafted data with JBIG2 compression. | ||||
CVE-2015-6755 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | ||||
CVE-2015-6777 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Use-after-free vulnerability in the ContainerNode::notifyNodeInsertedInternal function in WebKit/Source/core/dom/ContainerNode.cpp in the DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOMCharacterDataModified events for certain detached-subtree insertions. | ||||
CVE-2015-6632 | 1 Google | 1 Android | 2024-08-06 | N/A |
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24346430. | ||||
CVE-2015-6790 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string. |