rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1225 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| CVE-2015-1224 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of se | ||
| CVE-2015-1223 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extra | ||
| CVE-2015-1222 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or possibly have unspecified oth | ||
| CVE-2015-1221 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's ma | ||
| CVE-2015-1220 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a cr | ||
| CVE-2015-1219 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted | ||
| CVE-2015-1218 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to differe | ||
| CVE-2015-1217 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possib | ||
| CVE-2015-1216 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecif | ||
| CVE-2015-1215 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation. | ||
| CVE-2015-1214 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that | ||
| CVE-2015-1213 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Mar 9, 2015 | The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds | ||
| CVE-2015-1212 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 6, 2015 | Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2015-1211 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 6, 2015 | The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker re | ||
| CVE-2015-1210 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 6, 2015 | The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restricti | ||
| CVE-2015-1209 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Feb 6, 2015 | Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, all | ||
| CVE-2015-1205 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2014-7948 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attack | ||
| CVE-2014-7947 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c. |
- CVE-2015-1225Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2015-1224Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of se
- CVE-2015-1223Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extra
- CVE-2015-1222Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or possibly have unspecified oth
- CVE-2015-1221Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's ma
- CVE-2015-1220Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a cr
- CVE-2015-1219Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted
- CVE-2015-1218Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to differe
- CVE-2015-1217Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possib
- CVE-2015-1216Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecif
- CVE-2015-1215Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.
- CVE-2015-1214Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that
- CVE-2015-1213Mar 9, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds
- CVE-2015-1212Feb 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2015-1211Feb 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker re
- CVE-2015-1210Feb 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restricti
- CVE-2015-1209Feb 6, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, all
- CVE-2015-1205Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2014-7948Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attack
- CVE-2014-7947Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.
Page 183 of 203