- EPSS 3.2%
- Veröffentlicht 14.12.2015 11:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of se...
- EPSS 1.35%
- Veröffentlicht 06.12.2015 01:59:27
- Zuletzt bearbeitet 06.05.2026 22:30:45
The VideoFramePool::PoolImpl::CreateFrame function in media/base/video_frame_pool.cc in Google Chrome before 47.0.2526.73 does not initialize memory for a video-frame data structure, which might allow remote attackers to cause a denial of service (ou...
CVE-2015-8479
- EPSS 0.63%
- Veröffentlicht 06.12.2015 01:59:26
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device.cc in Google Chrome before 47.0.2526.73 allows attackers to cause a denial of service (heap memory corruption) or possibly have unsp...
CVE-2015-8478
- EPSS 0.63%
- Veröffentlicht 06.12.2015 01:59:25
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.73, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- EPSS 8.12%
- Veröffentlicht 06.12.2015 01:59:24
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-6786
- EPSS 1.72%
- Veröffentlicht 06.12.2015 01:59:23
- Zuletzt bearbeitet 06.05.2026 22:30:45
The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a * pattern, whic...
CVE-2015-6785
- EPSS 1.72%
- Veröffentlicht 06.12.2015 01:59:22
- Zuletzt bearbeitet 06.05.2026 22:30:45
The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remot...
CVE-2015-6784
- EPSS 1.74%
- Veröffentlicht 06.12.2015 01:59:21
- Zuletzt bearbeitet 06.05.2026 22:30:45
The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafted URL, as demonstrated by an initial http://example...
CVE-2015-6782
- EPSS 1.14%
- Veröffentlicht 06.12.2015 01:59:19
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Document::open function in WebKit/Source/core/dom/Document.cpp in Google Chrome before 47.0.2526.73 does not ensure that page-dismissal event handling is compatible with modal-dialog blocking, which makes it easier for remote attackers to spoof O...
CVE-2015-6781
- EPSS 1.63%
- Veröffentlicht 06.12.2015 01:59:18
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the FontData::Bound function in data/font_data.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted offset ...