rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1248 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 19, 2015 | The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL. | ||
| CVE-2015-1247 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 19, 2015 | The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive in | ||
| CVE-2015-1246 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 19, 2015 | Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| CVE-2015-1245 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 19, 2015 | Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly h | ||
| CVE-2015-1244 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 19, 2015 | The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing | ||
| CVE-2015-1242 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 19, 2015 | The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that l | ||
| CVE-2015-1241 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 19, 2015 | Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. | ||
| CVE-2015-1240 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 19, 2015 | gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency. | ||
| CVE-2015-1238 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 19, 2015 | Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2015-1237 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 19, 2015 | Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger re | ||
| CVE-2015-1236 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 19, 2015 | The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sa | ||
| CVE-2015-1235 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 19, 2015 | The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element. | ||
| CVE-2015-1234 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 1, 2015 | Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands. | ||
| CVE-2015-1233 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Apr 1, 2015 | Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2015-1231 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2015-1230 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact v | ||
| CVE-2015-1229 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted respons | ||
| CVE-2015-1228 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a den | ||
| CVE-2015-1227 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an | ||
| CVE-2015-1226 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a |
- CVE-2015-1248Apr 19, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.
- CVE-2015-1247Apr 19, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive in
- CVE-2015-1246Apr 19, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2015-1245Apr 19, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly h
- CVE-2015-1244Apr 19, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing
- CVE-2015-1242Apr 19, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that l
- CVE-2015-1241Apr 19, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.
- CVE-2015-1240Apr 19, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.
- CVE-2015-1238Apr 19, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
- CVE-2015-1237Apr 19, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger re
- CVE-2015-1236Apr 19, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sa
- CVE-2015-1235Apr 19, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.
- CVE-2015-1234Apr 1, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands.
- CVE-2015-1233Apr 1, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2015-1231Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2015-1230Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact v
- CVE-2015-1229Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted respons
- CVE-2015-1228Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a den
- CVE-2015-1227Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an
- CVE-2015-1226Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a
Page 182 of 203