VYPR

rpm package

opensuse/chromium&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed

Vulnerabilities (4,053)

  • CVE-2015-6759Oct 15, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information v

  • CVE-2015-6758Oct 15, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspec

  • CVE-2015-6757Oct 15, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object

  • CVE-2015-6756Oct 15, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leve

  • CVE-2015-6755Oct 15, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass th

  • CVE-2015-1304Oct 12, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.

  • CVE-2015-1303Oct 12, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containi

  • CVE-2015-1301Sep 3, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2015-1300Sep 3, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtai

  • CVE-2015-1299Sep 3, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp

  • CVE-2015-1298Sep 3, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to t

  • CVE-2015-1297Sep 3, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a c

  • CVE-2015-1296Sep 3, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these character

  • CVE-2015-1295Sep 3, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by tri

  • CVE-2015-1294Sep 3, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elem

  • CVE-2015-1293Sep 3, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

  • CVE-2015-1292Sep 3, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker.

  • CVE-2015-1291Sep 3, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree cor

  • CVE-2015-1289Jul 23, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2015-1288Jul 23, 2015
    affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1

    The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted f

Page 179 of 203