rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-6776 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 6, 2015 | The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled d | ||
| CVE-2015-6775 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 6, 2015 | fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | ||
| CVE-2015-6774 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 6, 2015 | Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted J | ||
| CVE-2015-6773 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 6, 2015 | The convolution implementation in Skia, as used in Google Chrome before 47.0.2526.73, does not properly constrain row lengths, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted graphics d | ||
| CVE-2015-6772 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 6, 2015 | The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with | ||
| CVE-2015-6771 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 6, 2015 | js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via craft | ||
| CVE-2015-6770 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 6, 2015 | The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768. | ||
| CVE-2015-6769 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 6, 2015 | The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveraging a delay in window proxy clearing. | ||
| CVE-2015-6768 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 6, 2015 | The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770. | ||
| CVE-2015-6767 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 6, 2015 | Use-after-free vulnerability in content/browser/appcache/appcache_dispatcher_host.cc in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect pointer | ||
| CVE-2015-6766 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 6, 2015 | Use-after-free vulnerability in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers with renderer access to cause a denial of service or possibly have unspecified other impact by leveraging incorrect AppCacheUpdateJob behavior associated with | ||
| CVE-2015-6765 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 6, 2015 | Use-after-free vulnerability in content/browser/appcache/appcache_update_job.cc in Google Chrome before 47.0.2526.73 allows remote attackers to execute arbitrary code or cause a denial of service by leveraging the mishandling of AppCache update jobs. | ||
| CVE-2015-6764 | Cri | 9.8 | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Dec 6, 2015 | The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) | |
| CVE-2015-8126 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 13, 2015 | Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application cr | ||
| CVE-2015-1302 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 11, 2015 | The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instanc | ||
| CVE-2015-7834 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Oct 15, 2015 | Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2015-6763 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Oct 15, 2015 | Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2015-6762 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Oct 15, 2015 | The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origi | ||
| CVE-2015-6761 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Oct 15, 2015 | The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race c | ||
| CVE-2015-6760 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Oct 15, 2015 | The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspeci |
- CVE-2015-6776Dec 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled d
- CVE-2015-6775Dec 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
- CVE-2015-6774Dec 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted J
- CVE-2015-6773Dec 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The convolution implementation in Skia, as used in Google Chrome before 47.0.2526.73, does not properly constrain row lengths, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted graphics d
- CVE-2015-6772Dec 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with
- CVE-2015-6771Dec 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via craft
- CVE-2015-6770Dec 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768.
- CVE-2015-6769Dec 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveraging a delay in window proxy clearing.
- CVE-2015-6768Dec 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770.
- CVE-2015-6767Dec 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in content/browser/appcache/appcache_dispatcher_host.cc in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect pointer
- CVE-2015-6766Dec 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers with renderer access to cause a denial of service or possibly have unspecified other impact by leveraging incorrect AppCacheUpdateJob behavior associated with
- CVE-2015-6765Dec 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in content/browser/appcache/appcache_update_job.cc in Google Chrome before 47.0.2526.73 allows remote attackers to execute arbitrary code or cause a denial of service by leveraging the mishandling of AppCache update jobs.
- affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access)
- CVE-2015-8126Nov 13, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application cr
- CVE-2015-1302Nov 11, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instanc
- CVE-2015-7834Oct 15, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2015-6763Oct 15, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2015-6762Oct 15, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origi
- CVE-2015-6761Oct 15, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race c
- CVE-2015-6760Oct 15, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspeci
Page 178 of 203