Skip to main content
CVE-2015-3335 HIGH POC This Week

The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Chrome Opensuse
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-1241 MEDIUM POC This Month

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Google Chrome Debian Linux Ubuntu Linux +8
NVD
CVSS 2.0
4.3
EPSS
2.8%
CVE-2015-3336 MEDIUM POC This Month

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Google Chrome Debian Linux +1
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-3334 MEDIUM POC This Month

browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Debian Linux Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-1238 HIGH This Week

Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Ubuntu Linux +1
NVD
CVSS 2.0
7.5
EPSS
1.8%
CVE-2015-1237 HIGH This Week

Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Ubuntu Linux Chrome Debian Linux
NVD
CVSS 2.0
7.5
EPSS
1.8%
CVE-2015-1242 HIGH This Week

The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Ubuntu Linux V8 Chrome +1
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2015-1249 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Ubuntu Linux Chrome
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2015-3333 HIGH This Week

Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google V8 Debian Linux Ubuntu Linux +1
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2015-1245 MEDIUM This Month

Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Debian Linux
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2015-1246 MEDIUM This Month

Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Debian Linux Chrome
NVD
CVSS 2.0
5.0
EPSS
2.8%
CVE-2015-1240 MEDIUM This Month

gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Debian Linux Chrome +1
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2015-1235 MEDIUM This Month

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Ubuntu Linux Chrome Debian Linux
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-1244 MEDIUM This Month

The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Ubuntu Linux Debian Linux Chrome
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-1247 MEDIUM This Month

The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-1236 MEDIUM This Month

The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Chrome Ubuntu Linux Debian Linux
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2015-1248 MEDIUM This Month

The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Debian Linux Chrome
NVD
CVSS 2.0
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy