CVE-2015-1276
- EPSS 1.6%
- Veröffentlicht 23.07.2015 00:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact...
CVE-2015-1274
- EPSS 3.62%
- Veröffentlicht 23.07.2015 00:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open f...
CVE-2015-1273
- EPSS 1.54%
- Veröffentlicht 23.07.2015 00:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF do...
CVE-2015-1272
- EPSS 1.62%
- Veröffentlicht 23.07.2015 00:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChanne...
CVE-2015-1271
- EPSS 1.86%
- Veröffentlicht 23.07.2015 00:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a c...
CVE-2015-1270
- EPSS 2.73%
- Veröffentlicht 23.07.2015 00:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a d...
- EPSS 2.31%
- Veröffentlicht 26.06.2015 14:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript ...
CVE-2015-1269
- EPSS 1.76%
- Veröffentlicht 26.06.2015 14:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to b...
- EPSS 1.49%
- Veröffentlicht 26.06.2015 14:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink publi...
- EPSS 1.49%
- Veröffentlicht 26.06.2015 14:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass inten...