VuXML ID | Description |
0e425bb7-64f2-11e5-b2fd-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
Two vulnerabilities were fixed in this release:
- [530301] High CVE-2015-1303: Cross-origin bypass in DOM. Credit
to Mariusz Mlynski.
- [531891] High CVE-2015-1304: Cross-origin bypass in V8. Credit
to Mariusz Mlynski.
Discovery 2015-09-24 Entry 2015-09-27 chromium
< 45.0.2454.101
chromium-npapi
< 45.0.2454.101
chromium-pulse
< 45.0.2454.101
CVE-2015-1303
CVE-2015-1304
http://googlechromereleases.blogspot.nl/2015/09/stable-channel-update_24.html
|
1a6bbb95-24b8-11e6-bd31-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
42 security fixes in this release
Please reference CVE/URL list for details
Discovery 2016-05-25 Entry 2016-05-28 Modified 2016-06-20 chromium
chromium-npapi
chromium-pulse
< 51.0.2704.63
CVE-2016-1672
CVE-2016-1673
CVE-2016-1674
CVE-2016-1675
CVE-2016-1672
CVE-2016-1677
CVE-2016-1678
CVE-2016-1679
CVE-2016-1680
CVE-2016-1681
CVE-2016-1682
CVE-2016-1685
CVE-2016-1686
CVE-2016-1687
CVE-2016-1688
CVE-2016-1689
CVE-2016-1690
CVE-2016-1691
CVE-2016-1692
CVE-2016-1693
CVE-2016-1694
CVE-2016-1695
http://googlechromereleases.blogspot.nl/2016/05/stable-channel-update_25.html
|
1bcfd963-e483-41b8-ab8e-bad5c3ce49c9 | brotli -- buffer overflow
Google Chrome Releases reports:
[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.
Mozilla Foundation reports:
Security researcher Luke Li reported a pointer underflow
bug in the Brotli library's decompression that leads to a
buffer overflow. This results in a potentially exploitable
crash when triggered.
Discovery 2016-02-08 Entry 2016-03-08 Modified 2016-03-08 brotli
ge 0.3.0 lt 0.3.0_1
< 0.2.0_2
libbrotli
< 0.3.0_3
chromium
chromium-npapi
chromium-pulse
< 48.0.2564.109
firefox
linux-firefox
< 45.0,1
seamonkey
linux-seamonkey
< 2.42
firefox-esr
< 38.7.0,1
libxul
thunderbird
linux-thunderbird
< 38.7.0
CVE-2016-1624
CVE-2016-1968
https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
https://chromium.googlesource.com/chromium/src/+/7716418a27d561ee295a99f11fd3865580748de2%5E!/
https://www.mozilla.org/security/advisories/mfsa2016-30/
https://hg.mozilla.org/releases/mozilla-release/rev/4a5d8ade4e3e
|
210f80b9-ede4-11e4-81c4-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
5 security fixes in this release, including:
- [453279] High CVE-2015-1243: Use-after-free in DOM. Credit to
Saif El-Sherei.
- [481777] CVE-2015-1250: Various fixes from internal audits,
fuzzing and other initiatives.
Discovery 2015-04-28 Entry 2015-04-28 chromium
< 42.0.2311.135
chromium-npapi
< 42.0.2311.135
chromium-pulse
< 42.0.2311.135
CVE-2015-1243
CVE-2015-1250
http://googlechromereleases.blogspot.nl/2015/04/stable-channel-update_28.html
|
36034227-cf81-11e5-9c2b-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
6 security fixes in this release, including:
- [546677] High CVE-2016-1622: Same-origin bypass in Extensions.
Credit to anonymous.
- [577105] High CVE-2016-1623: Same-origin bypass in DOM. Credit
to Mariusz Mlynski.
- [509313] Medium CVE-2016-1625: Navigation bypass in Chrome
Instant. Credit to Jann Horn.
- [571480] Medium CVE-2016-1626: Out-of-bounds read in PDFium.
Credit to anonymous, working with HP's Zero Day Initiative.
- [585517] CVE-2016-1627: Various fixes from internal audits,
fuzzing and other initiatives.
Discovery 2016-02-08 Entry 2016-02-09 Modified 2016-03-08 chromium
chromium-npapi
chromium-pulse
< 48.0.2564.109
CVE-2016-1622
CVE-2016-1623
CVE-2016-1625
CVE-2016-1626
CVE-2016-1627
http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_9.html
|
368993bb-d685-11e5-8858-00262d5ed8ee | chromium -- same origin bypass
Google Chrome Releases reports:
[583431] Critical CVE-2016-1629: Same-origin bypass in Blink
and Sandbox escape in Chrome. Credit to anonymous.
Discovery 2016-02-18 Entry 2016-02-18 chromium
chromium-npapi
chromium-pulse
< 48.0.2564.116
CVE-2016-1629
http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_18.html
|
371bbea9-3836-4832-9e70-e8e928727f8c | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
This update includes 37 security fixes, including:
- [497632] High CVE-2016-1612: Bad cast in V8.
- [572871] High CVE-2016-1613: Use-after-free in PDFium.
- [544691] Medium CVE-2016-1614: Information leak in Blink.
- [468179] Medium CVE-2016-1615: Origin confusion in Omnibox.
- [541415] Medium CVE-2016-1616: URL Spoofing.
- [544765] Medium CVE-2016-1617: History sniffing with HSTS and
CSP.
- [552749] Medium CVE-2016-1618: Weak random number generator in
Blink.
- [557223] Medium CVE-2016-1619: Out-of-bounds read in
PDFium.
- [579625] CVE-2016-1620: Various fixes from internal audits,
fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8
branch.
Discovery 2016-01-20 Entry 2016-01-21 chromium
chromium-npapi
chromium-pulse
< 48.0.2564.82
CVE-2016-1612
CVE-2016-1613
CVE-2016-1614
CVE-2016-1615
CVE-2016-1616
CVE-2016-1617
CVE-2016-1618
CVE-2016-1619
CVE-2016-1620
http://googlechromereleases.blogspot.de/2016/01/stable-channel-update_20.html
|
4b9ca994-e3d9-11e6-813d-e8e0b747a45a | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
51 security fixes in this release
Please reference CVE/URL list for details
Discovery 2017-01-25 Entry 2017-01-26 chromium
chromium-npapi
chromium-pulse
< 56.0.2924.76
CVE-2017-5007
CVE-2017-5006
CVE-2017-5008
CVE-2017-5010
CVE-2017-5011
CVE-2017-5009
CVE-2017-5012
CVE-2017-5013
CVE-2017-5014
CVE-2017-5015
CVE-2017-5019
CVE-2017-5016
CVE-2017-5017
CVE-2017-5018
CVE-2017-2020
CVE-2017-2021
CVE-2017-2022
CVE-2017-2023
CVE-2017-2024
CVE-2017-2025
CVE-2017-2026
https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
|
4dfafa16-24ba-11e6-bd31-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
5 security fixes in this release, including:
- [605766] High CVE-2016-1667: Same origin bypass in DOM. Credit
to Mariusz Mlynski.
- [605910] High CVE-2016-1668: Same origin bypass in Blink V8
bindings. Credit to Mariusz Mlynski.
- [606115] High CVE-2016-1669: Buffer overflow in V8. Credit to
Choongwoo Han.
- [578882] Medium CVE-2016-1670: Race condition in loader. Credit
to anonymous.
- [586657] Medium CVE-2016-1671: Directory traversal using the
file scheme on Android. Credit to Jann Horn.
Discovery 2016-05-11 Entry 2016-05-28 chromium
chromium-npapi
chromium-pulse
< 50.0.2661.102
CVE-2016-1667
CVE-2016-1668
CVE-2016-1669
CVE-2016-1670
CVE-2016-1671
http://googlechromereleases.blogspot.nl/2016/05/stable-channel-update.html
|
52f4b48b-4ac3-11e7-99aa-e8e0b747a45a | chromium -- multiple vulnerabilities
Google Chrome releases reports:
30 security fixes in this release
Please reference CVE/URL list for details
Discovery 2017-06-05 Entry 2017-06-06 chromium
chromium-pulse
< 59.0.3071.86
CVE-2017-5070
CVE-2017-5071
CVE-2017-5072
CVE-2017-5073
CVE-2017-5074
CVE-2017-5075
CVE-2017-5086
CVE-2017-5076
CVE-2017-5077
CVE-2017-5078
CVE-2017-5079
CVE-2017-5080
CVE-2017-5081
CVE-2017-5082
CVE-2017-5083
CVE-2017-5085
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
|
548f74bd-993c-11e5-956b-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
41 security fixes in this release, including:
- [558589] Critical CVE-2015-6765: Use-after-free in AppCache.
Credit to anonymous.
- [551044] High CVE-2015-6766: Use-after-free in AppCache.
Credit to anonymous.
- [554908] High CVE-2015-6767: Use-after-free in AppCache.
Credit to anonymous.
- [556724] High CVE-2015-6768: Cross-origin bypass in DOM.
Credit to Mariusz Mlynski.
- [534923] High CVE-2015-6769: Cross-origin bypass in core.
Credit to Mariusz Mlynski.
- [541206] High CVE-2015-6770: Cross-origin bypass in DOM.
Credit to Mariusz Mlynski.
- [544991] High CVE-2015-6771: Out of bounds access in v8.
Credit to anonymous.
- [546545] High CVE-2015-6772: Cross-origin bypass in DOM.
Credit to Mariusz Mlynski.
- [554946] High CVE-2015-6764: Out of bounds access in v8.
Credit to Guang Gong of Qihoo 360 via pwn2own.
- [491660] High CVE-2015-6773: Out of bounds access in Skia.
Credit to cloudfuzzer.
- [549251] High CVE-2015-6774: Use-after-free in Extensions.
Credit to anonymous.
- [529012] High CVE-2015-6775: Type confusion in PDFium.
Credit to Atte Kettunen of OUSPG.
- [457480] High CVE-2015-6776: Out of bounds access in PDFium.
Credit to Hanno Böck.
- [544020] High CVE-2015-6777: Use-after-free in DOM.
Credit to Long Liu of Qihoo 360Vulcan Team.
- [514891] Medium CVE-2015-6778: Out of bounds access in PDFium.
Credit to Karl Skomski.
- [528505] Medium CVE-2015-6779: Scheme bypass in PDFium.
Credit to Til Jasper Ullrich.
- [490492] Medium CVE-2015-6780: Use-after-free in Infobars.
Credit to Khalil Zhani.
- [497302] Medium CVE-2015-6781: Integer overflow in Sfntly.
Credit to miaubiz.
- [536652] Medium CVE-2015-6782: Content spoofing in Omnibox.
Credit to Luan Herrera.
- [537205] Medium CVE-2015-6783: Signature validation issue in
Android Crazy Linker. Credit to Michal Bednarski.
- [503217] Low CVE-2015-6784: Escaping issue in saved pages.
Credit to Inti De Ceukelaire.
- [534542] Low CVE-2015-6785: Wildcard matching issue in CSP.
Credit to Michael Ficarra / Shape Security.
- [534570] Low CVE-2015-6786: Scheme bypass in CSP. Credit to
Michael Ficarra / Shape Security.
- [563930] CVE-2015-6787: Various fixes from internal audits,
fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7
branch (currently 4.7.80.23).
Discovery 2015-12-01 Entry 2015-12-02 chromium
chromium-npapi
chromium-pulse
< 47.0.2526.73
CVE-2015-6765
CVE-2015-6766
CVE-2015-6767
CVE-2015-6768
CVE-2015-6769
CVE-2015-6770
CVE-2015-6771
CVE-2015-6772
CVE-2015-6773
CVE-2015-6774
CVE-2015-6775
CVE-2015-6776
CVE-2015-6777
CVE-2015-6778
CVE-2015-6779
CVE-2015-6780
CVE-2015-6781
CVE-2015-6782
CVE-2015-6783
CVE-2015-6784
CVE-2015-6785
CVE-2015-6786
CVE-2015-6787
http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update.html
|
5c288f68-c7ca-4c0d-b7dc-1ec6295200b3 | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
[589838] High CVE-2016-1643: Type confusion in Blink.
[590620] High CVE-2016-1644: Use-after-free in Blink.
[587227] High CVE-2016-1645: Out-of-bounds write in PDFium.
Discovery 2016-03-08 Entry 2016-03-29 chromium
chromium-npapi
chromium-pulse
< 49.0.2623.87
CVE-2016-1643
CVE-2016-1644
CVE-2016-1645
http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_8.html
|
603fe0a1-bb26-11e6-8e5a-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
36 security fixes in this release
Please reference CVE/URL list for details
Discovery 2016-12-01 Entry 2016-12-05 chromium
chromium-npapi
chromium-pulse
< 55.0.2883.75
CVE-2016-9651
CVE-2016-5208
CVE-2016-5207
CVE-2016-5206
CVE-2016-5205
CVE-2016-5204
CVE-2016-5209
CVE-2016-5203
CVE-2016-5210
CVE-2016-5212
CVE-2016-5211
CVE-2016-5213
CVE-2016-5214
CVE-2016-5216
CVE-2016-5215
CVE-2016-5217
CVE-2016-5218
CVE-2016-5219
CVE-2016-5221
CVE-2016-5220
CVE-2016-5222
CVE-2016-9650
CVE-2016-5223
CVE-2016-5226
CVE-2016-5225
CVE-2016-5224
CVE-2016-9652
https://googlechromereleases.blogspot.nl/2016/12/stable-channel-update-for-desktop.html
|
653a8059-7c49-11e6-9242-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
Several security fixes in this release, including:
- [641101] High CVE-2016-5170: Use after free in Blink.Credit to
Anonymous
- [643357] High CVE-2016-5171: Use after free in Blink. Credit to
Anonymous
- [616386] Medium CVE-2016-5172: Arbitrary Memory Read in v8.
Credit to Choongwoo Han
- [468931] Medium CVE-2016-5173: Extension resource access.
Credit to Anonymous
- [579934] Medium CVE-2016-5174: Popup not correctly suppressed.
Credit to Andrey Kovalev (@L1kvID) Yandex Security Team
- [646394] CVE-2016-5175: Various fixes from internal audits,
fuzzing and other initiatives.
Discovery 2016-09-13 Entry 2016-09-16 chromium
chromium-npapi
chromium-pulse
< 53.0.2785.113
CVE-2016-5170
CVE-2016-5171
CVE-2016-5172
CVE-2016-5173
CVE-2016-5174
CVE-2016-5175
https://googlechromereleases.blogspot.nl/2016/09/stable-channel-update-for-desktop_13.html
|
6d8505f0-0614-11e6-b39c-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
20 security fixes in this release, including:
- [590275] High CVE-2016-1652: Universal XSS in extension
bindings. Credit to anonymous.
- [589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit
to Choongwoo Han.
- [591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium
JPEG2000 decoding. Credit to kdot working with HP's Zero Day
Initiative.
- [589512] Medium CVE-2016-1654: Uninitialized memory read in
media. Credit to Atte Kettunen of OUSPG.
- [582008] Medium CVE-2016-1655: Use-after-free related to
extensions. Credit to Rob Wu.
- [570750] Medium CVE-2016-1656: Android downloaded file path
restriction bypass. Credit to Dzmitry Lukyanenko.
- [567445] Medium CVE-2016-1657: Address bar spoofing. Credit to
Luan Herrera.
- [573317] Low CVE-2016-1658: Potential leak of sensitive
information to malicious extensions. Credit to Antonio Sanso
(@asanso) of Adobe.
- [602697] CVE-2016-1659: Various fixes from internal audits,
fuzzing and other initiatives.
Discovery 2016-04-13 Entry 2016-04-19 chromium
chromium-npapi
chromium-pulse
< 50.0.2661.75
CVE-2016-1651
CVE-2016-1652
CVE-2016-1653
CVE-2016-1654
CVE-2016-1655
CVE-2016-1656
CVE-2016-1657
CVE-2016-1658
CVE-2016-1659
http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_13.html
|
6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
48 security fixes in this release, including:
- [610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to
Pinkie Pie xisigr of Tencent's Xuanwu Lab
- [613949] High CVE-2016-1708: Use-after-free in Extensions.
Credit to Adam Varsan
- [614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly.
Credit to ChenQin of Topsec Security Team
- [616907] High CVE-2016-1710: Same-origin bypass in Blink.
Credit to Mariusz Mlynski
- [617495] High CVE-2016-1711: Same-origin bypass in Blink.
Credit to Mariusz Mlynski
- [618237] High CVE-2016-5127: Use-after-free in Blink. Credit
to cloudfuzzer
- [619166] High CVE-2016-5128: Same-origin bypass in V8. Credit
to Anonymous
- [620553] High CVE-2016-5129: Memory corruption in V8. Credit to
Jeonghoon Shin
- [623319] High CVE-2016-5130: URL spoofing. Credit to Wadih
Matar
- [623378] High CVE-2016-5131: Use-after-free in libxml. Credit
to Nick Wellnhofer
- [607543] Medium CVE-2016-5132: Limited same-origin bypass in
Service Workers. Credit to Ben Kelly
- [613626] Medium CVE-2016-5133: Origin confusion in proxy
authentication. Credit to Patch Eudor
- [593759] Medium CVE-2016-5134: URL leakage via PAC script.
Credit to Paul Stone
- [605451] Medium CVE-2016-5135: Content-Security-Policy bypass.
Credit to kingxwy
- [625393] Medium CVE-2016-5136: Use after free in extensions.
Credit to Rob Wu
- [625945] Medium CVE-2016-5137: History sniffing with HSTS and
CSP. Credit to Xiaoyin Liu
- [629852] CVE-2016-1705: Various fixes from internal audits,
fuzzing and other initiatives.
Discovery 2016-07-20 Entry 2016-07-22 chromium
chromium-npapi
chromium-pulse
< 52.0.2743.82
CVE-2016-1705
CVE-2016-1706
CVE-2016-1708
CVE-2016-1709
CVE-2016-1710
CVE-2016-1711
CVE-2016-5127
CVE-2016-5128
CVE-2016-5129
CVE-2016-5130
CVE-2016-5131
CVE-2016-5132
CVE-2016-5133
CVE-2016-5134
CVE-2016-5135
CVE-2016-5136
CVE-2016-5137
https://googlechromereleases.blogspot.nl/2016/07/stable-channel-update.html
|
72c145df-a1e0-11e5-8ad0-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
7 security fixes in this release, including:
- [548273] High CVE-2015-6788: Type confusion in extensions.
Credit to anonymous.
- [557981] High CVE-2015-6789: Use-after-free in Blink. Credit to
cloudfuzzer.
- [542054] Medium CVE-2015-6790: Escaping issue in saved pages.
Credit to Inti De Ceukelaire.
- [567513] CVE-2015-6791: Various fixes from internal audits,
fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7
branch (currently 4.7.80.23).
Discovery 2015-12-08 Entry 2015-12-13 chromium
chromium-npapi
chromium-pulse
< 47.0.2526.80
CVE-2015-6788
CVE-2015-6789
CVE-2015-6790
CVE-2015-6791
http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update_8.html
|
769ba449-79e1-11e6-bf75-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
33 security fixes in this release
Please reference CVE/URL list for details
Discovery 2016-08-31 Entry 2016-09-13 chromium
chromium-npapi
chromium-pulse
< 53.0.2785.92
CVE-2016-5147
CVE-2016-5148
CVE-2016-5149
CVE-2016-5150
CVE-2016-5151
CVE-2016-5152
CVE-2016-5153
CVE-2016-5154
CVE-2016-5155
CVE-2016-5156
CVE-2016-5157
CVE-2016-5158
CVE-2016-5159
CVE-2016-5160
CVE-2016-5161
CVE-2016-5162
CVE-2016-5163
CVE-2016-5164
CVE-2016-5165
CVE-2016-5166
CVE-2016-5167
https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop_31.html
|
7cf058d8-158d-11e7-ba2c-e8e0b747a45a | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
5 security fixes in this release, including:
- [698622] Critical CVE-2017-5055: Use after free in printing. Credit to
Wadih Matar
- [699166] High CVE-2017-5054: Heap buffer overflow in V8. Credit to
Nicolas Trippar of Zimperium zLabs
- [662767] High CVE-2017-5052: Bad cast in Blink. Credit to
JeongHoon Shin
- [705445] High CVE-2017-5056: Use after free in Blink. Credit to
anonymous
- [702058] High CVE-2017-5053: Out of bounds memory access in V8. Credit to
Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)
Discovery 2017-03-29 Entry 2017-03-30 chromium
chromium-npapi
chromium-pulse
< 57.0.2987.133
CVE-2017-5055
CVE-2017-5054
CVE-2017-5052
CVE-2017-5056
CVE-2017-5053
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html
|
7d138476-7710-11e7-88a1-e8e0b747a45a | chromium -- multiple vulnerabilities
Google Chrome releases reports:
40 security fixes in this release
Please reference CVE/URL list for details
Discovery 2017-07-25 Entry 2017-08-01 chromium
chromium-pulse
< 60.0.3112.78
CVE-2017-5091
CVE-2017-5092
CVE-2017-5093
CVE-2017-5094
CVE-2017-5095
CVE-2017-5096
CVE-2017-5097
CVE-2017-5098
CVE-2017-5099
CVE-2017-5100
CVE-2017-5101
CVE-2017-5102
CVE-2017-5103
CVE-2017-5104
CVE-2017-7000
CVE-2017-5105
CVE-2017-5106
CVE-2017-5107
CVE-2017-5108
CVE-2017-5109
CVE-2017-5110
https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
|
7da1da96-24bb-11e6-bd31-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
9 security fixes in this release, including:
- [574802] High CVE-2016-1660: Out-of-bounds write in Blink.
Credit to Atte Kettunen of OUSPG.
- [601629] High CVE-2016-1661: Memory corruption in cross-process
frames. Credit to Wadih Matar.
- [603732] High CVE-2016-1662: Use-after-free in extensions.
Credit to Rob Wu.
- [603987] High CVE-2016-1663: Use-after-free in Blink's V8
bindings. Credit to anonymous.
- [597322] Medium CVE-2016-1664: Address bar spoofing. Credit to
Wadih Matar.
- [606181] Medium CVE-2016-1665: Information leak in V8. Credit
to HyungSeok Han.
- [607652] CVE-2016-1666: Various fixes from internal audits,
fuzzing and other initiatives.
Discovery 2016-04-28 Entry 2016-05-28 chromium
chromium-npapi
chromium-pulse
< 50.0.2661.94
CVE-2016-1660
CVE-2016-1661
CVE-2016-1662
CVE-2016-1663
CVE-2016-1664
CVE-2016-1665
CVE-2016-1666
http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_28.html
|
8301c04d-71df-11e5-9fcb-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
24 security fixes in this release, including:
- [519558] High CVE-2015-6755: Cross-origin bypass in Blink.
Credit to Mariusz Mlynski.
- [507316] High CVE-2015-6756: Use-after-free in PDFium. Credit
to anonymous.
- [529520] High CVE-2015-6757: Use-after-free in ServiceWorker.
Credit to Collin Payne.
- [522131] High CVE-2015-6758: Bad-cast in PDFium. Credit to Atte
Kettunen of OUSPG.
- [514076] Medium CVE-2015-6759: Information leakage in
LocalStorage. Credit to Muneaki Nishimura (nishimunea).
- [519642] Medium CVE-2015-6760: Improper error handling in
libANGLE. Credit to lastland.net.
- [447860,532967] Medium CVE-2015-6761: Memory corruption in
FFMpeg. Credit to Aki Helin of OUSPG and anonymous.
- [512678] Low CVE-2015-6762: CORS bypass via CSS fonts. Credit
to Muneaki Nishimura (nishimunea).
- [542517] CVE-2015-6763: Various fixes from internal audits,
fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6
branch (currently 4.6.85.23).
Discovery 2015-10-13 Entry 2015-10-13 chromium
chromium-npapi
chromium-pulse
< 46.0.2490.71
CVE-2015-6755
CVE-2015-6756
CVE-2015-6757
CVE-2015-6758
CVE-2015-6759
CVE-2015-6760
CVE-2015-6761
CVE-2015-6762
CVE-2015-6763
http://googlechromereleases.blogspot.nl/2015/10/stable-channel-update.html
|
8505e013-c2b3-11e4-875d-000c6e25e3e9 | chromium -- multiple vulnerabilities
Chrome Releases reports:
51 security fixes in this release, including:
- [456516] High CVE-2015-1212: Out-of-bounds write in media.
Credit to anonymous.
- [448423] High CVE-2015-1213: Out-of-bounds write in skia
filters. Credit to cloudfuzzer.
- [445810] High CVE-2015-1214: Out-of-bounds write in skia
filters. Credit to cloudfuzzer.
- [445809] High CVE-2015-1215: Out-of-bounds write in skia
filters. Credit to cloudfuzzer.
- [454954] High CVE-2015-1216: Use-after-free in v8 bindings.
Credit to anonymous.
- [456192] High CVE-2015-1217: Type confusion in v8 bindings.
Credit to anonymous.
- [456059] High CVE-2015-1218: Use-after-free in dom.
Credit to cloudfuzzer.
- [446164] High CVE-2015-1219: Integer overflow in webgl.
Credit to Chen Zhang (demi6od) of NSFOCUS Security Team.
- [437651] High CVE-2015-1220: Use-after-free in gif decoder.
Credit to Aki Helin of OUSPG.
- [455368] High CVE-2015-1221: Use-after-free in web databases.
Credit to Collin Payne.
- [448082] High CVE-2015-1222: Use-after-free in service workers.
Credit to Collin Payne.
- [454231] High CVE-2015-1223: Use-after-free in dom.
Credit to Maksymillian Motyl.
- High CVE-2015-1230: Type confusion in v8.
Credit to Skylined working with HP's Zero Day Initiative.
- [449958] Medium CVE-2015-1224: Out-of-bounds read in vpxdecoder.
Credit to Aki Helin of OUSPG.
- [446033] Medium CVE-2015-1225: Out-of-bounds read in pdfium.
Credit to cloudfuzzer.
- [456841] Medium CVE-2015-1226: Validation issue in debugger.
Credit to Rob Wu.
- [450389] Medium CVE-2015-1227: Uninitialized value in blink.
Credit to Christoph Diehl.
- [444707] Medium CVE-2015-1228: Uninitialized value in rendering.
Credit to miaubiz.
- [431504] Medium CVE-2015-1229: Cookie injection via proxies.
Credit to iliwoy.
- [463349] CVE-2015-1231: Various fixes from internal audits,
fuzzing, and other initiatives.
Discovery 2015-03-03 Entry 2015-03-04 chromium
< 41.0.2272.76
chromium-npapi
< 41.0.2272.76
chromium-pulse
< 41.0.2272.76
CVE-2015-1212
CVE-2015-1213
CVE-2015-1214
CVE-2015-1215
CVE-2015-1216
CVE-2015-1217
CVE-2015-1218
CVE-2015-1219
CVE-2015-1220
CVE-2015-1221
CVE-2015-1222
CVE-2015-1223
CVE-2015-1224
CVE-2015-1225
CVE-2015-1226
CVE-2015-1227
CVE-2015-1228
CVE-2015-1229
CVE-2015-1230
CVE-2015-1231
http://googlechromereleases.blogspot.nl
|
8be8ca39-ae70-4422-bf1a-d8fae6911c5e | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
[594574] High CVE-2016-1646: Out-of-bounds read in V8.
[590284] High CVE-2016-1647: Use-after-free in Navigation.
[590455] High CVE-2016-1648: Use-after-free in Extensions.
[597518] CVE-2016-1650: Various fixes from internal audits,
fuzzing and other initiatives.
Multiple vulnerabilities in V8 fixed at the tip of the
4.9 branch
Discovery 2016-03-24 Entry 2016-03-29 chromium
chromium-npapi
chromium-pulse
< 49.0.2623.108
CVE-2016-1646
CVE-2016-1647
CVE-2016-1648
CVE-2016-1649
CVE-2016-1650
http://googlechromereleases.blogspot.de/2016/03/stable-channel-update_24.html
|
9118961b-9fa5-11e6-a265-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
21 security fixes in this release, including:
- [645211] High CVE-2016-5181: Universal XSS in Blink. Credit to
Anonymous
- [638615] High CVE-2016-5182: Heap overflow in Blink. Credit to
Giwan Go of STEALIEN
- [645122] High CVE-2016-5183: Use after free in PDFium. Credit
to Anonymous
- [630654] High CVE-2016-5184: Use after free in PDFium. Credit
to Anonymous
- [621360] High CVE-2016-5185: Use after free in Blink. Credit to
cloudfuzzer
- [639702] High CVE-2016-5187: URL spoofing. Credit to Luan
Herrera
- [565760] Medium CVE-2016-5188: UI spoofing. Credit to Luan
Herrera
- [633885] Medium CVE-2016-5192: Cross-origin bypass in Blink.
Credit to haojunhou@gmail.com
- [646278] Medium CVE-2016-5189: URL spoofing. Credit to xisigr
of Tencent's Xuanwu Lab
- [644963] Medium CVE-2016-5186: Out of bounds read in DevTools.
Credit to Abdulrahman Alqabandi (@qab)
- [639126] Medium CVE-2016-5191: Universal XSS in Bookmarks.
Credit to Gareth Hughes
- [642067] Medium CVE-2016-5190: Use after free in Internals.
Credit to Atte Kettunen of OUSPG
- [639658] Low CVE-2016-5193: Scheme bypass. Credit to Yuyang
ZHOU (martinzhou96)
- [654782] CVE-2016-5194: Various fixes from internal audits,
fuzzing and other initiatives
Discovery 2016-10-12 Entry 2016-10-31 chromium
chromium-npapi
chromium-pulse
< 54.0.2840.59
CVE-2016-5181
CVE-2016-5182
CVE-2016-5183
CVE-2016-5184
CVE-2016-5185
CVE-2016-5186
CVE-2016-5187
CVE-2016-5188
CVE-2016-5189
CVE-2016-5190
CVE-2016-5191
CVE-2016-5192
CVE-2016-5193
CVE-2016-5194
https://googlechromereleases.blogspot.nl/2016/10/stable-channel-update-for-desktop.html
|
958b9cee-79da-11e6-bf75-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
10 security fixes in this release, including:
- [629542] High CVE-2016-5141 Address bar spoofing. Credit to
anonymous
- [626948] High CVE-2016-5142 Use-after-free in Blink. Credit to
anonymous
- [625541] High CVE-2016-5139 Heap overflow in pdfium. Credit to
GiWan Go of Stealien
- [619405] High CVE-2016-5140 Heap overflow in pdfium. Credit to
Ke Liu of Tencent's Xuanwu LAB
- [623406] Medium CVE-2016-5145 Same origin bypass for images in
Blink. Credit to anonymous
- [619414] Medium CVE-2016-5143 Parameter sanitization failure in
DevTools. Credit to Gregory Panakkal
- [618333] Medium CVE-2016-5144 Parameter sanitization failure in
DevTools. Credit to Gregory Panakkal
- [633486] CVE-2016-5146: Various fixes from internal audits,
fuzzing and other initiatives.
Discovery 2016-08-03 Entry 2016-09-13 chromium
chromium-npapi
chromium-pulse
< 52.0.2743.116
CVE-2016-5139
CVE-2016-5140
CVE-2016-5141
CVE-2016-5142
CVE-2016-5143
CVE-2016-5144
CVE-2016-5145
CVE-2016-5146
https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop.html
|
95a74a48-2691-11e7-9e2d-e8e0b747a45a | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
29 security fixes in this release, including:
- [695826] High CVE-2017-5057: Type confusion in PDFium. Credit to
Guang Gong of Alpha Team, Qihoo 360
- [694382] High CVE-2017-5058: Heap use after free in Print Preview.
Credit to Khalil Zhani
- [684684] High CVE-2017-5059: Type confusion in Blink. Credit to
SkyLined working with Trend Micro's Zero Day Initiative
- [683314] Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to
Xudong Zheng
- [672847] Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to
Haosheng Wang (@gnehsoah)
- [702896] Medium CVE-2017-5062: Use after free in Chrome Apps.
Credit to anonymous
- [700836] Medium CVE-2017-5063: Heap overflow in Skia. Credit to
Sweetchip
- [693974] Medium CVE-2017-5064: Use after free in Blink. Credit to
Wadih Matar
- [704560] Medium CVE-2017-5065: Incorrect UI in Blink. Credit to
Khalil Zhani
- [690821] Medium CVE-2017-5066: Incorrect signature handing in Networking.
Credit to Prof. Zhenhua Duan, Prof. Cong Tian, and Ph.D candidate Chu Chen
(ICTT, Xidian University)
- [648117] Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to
Khalil Zhani
- [691726] Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to
Michael Reizelman
- [713205] Various fixes from internal audits, fuzzing and other initiatives
Discovery 2017-04-19 Entry 2017-04-21 chromium
chromium-pulse
< 58.0.3029.81
CVE-2017-5057
CVE-2017-5058
CVE-2017-5059
CVE-2017-5060
CVE-2017-5061
CVE-2017-5062
CVE-2017-5063
CVE-2017-5064
CVE-2017-5065
CVE-2017-5066
CVE-2017-5067
CVE-2017-5069
https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
|
9c135c7e-9fa4-11e6-a265-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
3 security fixes in this release, including:
- [642496] High CVE-2016-5177: Use after free in V8. Credit to
Anonymous
- [651092] CVE-2016-5178: Various fixes from internal audits,
fuzzing and other initiatives.
Discovery 2016-09-29 Entry 2016-10-31 chromium
chromium-npapi
chromium-pulse
< 53.0.2785.143
CVE-2016-5177
CVE-2016-5178
https://googlechromereleases.blogspot.nl/2016/09/stable-channel-update-for-desktop_29.html
|
9d732078-32c7-11e5-b263-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
43 security fixes in this release, including:
- [446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium.
Credit to cloudfuzzer.
- [459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium.
Credit to makosoft.
- [461858] High CVE-2015-1274: Settings allowed executable files
to run immediately after download. Credit to andrewm.bpi.
- [462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit
to WangTao(neobyte) of Baidu X-Team.
- [472614] High CVE-2015-1276: Use-after-free in IndexedDB.
Credit to Collin Payne.
- [483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium.
Credit to mlafon.
- [486947] High CVE-2015-1280: Memory corruption in skia. Credit
to cloudfuzzer.
- [487155] High CVE-2015-1281: CSP bypass. Credit to Masato
Kinugawa.
- [487928] High CVE-2015-1282: Use-after-free in pdfium. Credit
to Chamal de Silva.
- [492052] High CVE-2015-1283: Heap-buffer-overflow in expat.
Credit to sidhpurwala.huzaifa.
- [493243] High CVE-2015-1284: Use-after-free in blink. Credit to
Atte Kettunen of OUSPG.
- [504011] High CVE-2015-1286: UXSS in blink. Credit to
anonymous.
- [505374] High CVE-2015-1290: Memory corruption in V8. Credit to
Yongjun Liu of NSFOCUS Security Team.
- [419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to
filedescriptor.
- [444573] Medium CVE-2015-1270: Uninitialized memory read in
ICU. Credit to Atte Kettunen of OUSPG.
- [451456] Medium CVE-2015-1272: Use-after-free related to
unexpected GPU process termination. Credit to Chamal de
Silva.
- [479743] Medium CVE-2015-1277: Use-after-free in accessibility.
Credit to SkyLined.
- [482380] Medium CVE-2015-1278: URL spoofing using pdf files.
Credit to Chamal de Silva.
- [498982] Medium CVE-2015-1285: Information leak in XSS auditor.
Credit to gazheyes.
- [479162] Low CVE-2015-1288: Spell checking dictionaries fetched
over HTTP. Credit to mike@michaelruddy.com.
- [512110] CVE-2015-1289: Various fixes from internal audits,
fuzzing and other initiatives.
Discovery 2015-07-21 Entry 2015-07-25 chromium
< 44.0.2403.89
chromium-npapi
< 44.0.2403.89
chromium-pulse
< 44.0.2403.89
CVE-2015-1270
CVE-2015-1271
CVE-2015-1272
CVE-2015-1273
CVE-2015-1274
CVE-2015-1275
CVE-2015-1276
CVE-2015-1277
CVE-2015-1278
CVE-2015-1279
CVE-2015-1280
CVE-2015-1281
CVE-2015-1282
CVE-2015-1283
CVE-2015-1284
CVE-2015-1285
CVE-2015-1286
CVE-2015-1287
CVE-2015-1288
CVE-2015-1289
CVE-2015-1290
http://googlechromereleases.blogspot.nl/
|
a3473f5a-a739-11e6-afaa-e8e0b747a45a | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
4 security fixes in this release, including:
- [643948] High CVE-2016-5199: Heap corruption in FFmpeg. Credit to
Paul Mehta
- [658114] High CVE-2016-5200: Out of bounds memory access in V8. Credit to
Choongwoo Han
- [660678] Medium CVE-2016-5201: Info leak in extensions. Credit to
Rob Wu
- [662843] CVE-2016-5202: Various fixes from internal audits,
fuzzing and other initiatives
Discovery 2016-11-09 Entry 2016-11-10 chromium
chromium-npapi
chromium-pulse
< 54.0.2840.100
CVE-2016-5199
CVE-2016-5200
CVE-2016-5201
CVE-2016-5202
https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop_9.html
|
a505d397-0758-11e7-8d8b-e8e0b747a45a | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
36 security fixes in this release
Please reference CVE/URL list for details
Discovery 2017-03-09 Entry 2017-03-12 chromium
chromium-npapi
chromium-pulse
< 57.0.2987.98
CVE-2017-5030
CVE-2017-5031
CVE-2017-5032
CVE-2017-5029
CVE-2017-5034
CVE-2017-5035
CVE-2017-5036
CVE-2017-5037
CVE-2017-5039
CVE-2017-5040
CVE-2017-5041
CVE-2017-5033
CVE-2017-5042
CVE-2017-5038
CVE-2017-5043
CVE-2017-5044
CVE-2017-5045
CVE-2017-5046
https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
|
a6eb239f-adbe-11e4-9fce-080027593b9a | chromium -- multiple vulnerabilities
Chrome Releases reports:
11 security fixes in this release, including:
- [447906] High CVE-2015-1209: Use-after-free in DOM. Credit to
Maksymillian.
- [453979] High CVE-2015-1210: Cross-origin-bypass in V8
bindings. Credit to anonymous.
- [453982] High CVE-2015-1211: Privilege escalation using service
workers. Credit to anonymous.
- [455225] CVE-2015-1212: Various fixes from internal audits,
fuzzing and other initiatives.
Discovery 2015-02-05 Entry 2015-02-06 chromium
< 40.0.2214.111
chromium-pulse
< 40.0.2214.111
CVE-2015-1209
CVE-2015-1210
CVE-2015-1211
CVE-2015-1212
http://googlechromereleases.blogspot.nl
|
a9350df8-5157-11e5-b5c1-e8e0b747a45a | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
29 security fixes in this release, including:
- [516377] High CVE-2015-1291: Cross-origin bypass in DOM. Credit
to anonymous.
- [522791] High CVE-2015-1292: Cross-origin bypass in
ServiceWorker. Credit to Mariusz Mlynski.
- [524074] High CVE-2015-1293: Cross-origin bypass in DOM. Credit
to Mariusz Mlynski.
- [492263] High CVE-2015-1294: Use-after-free in Skia. Credit
to cloudfuzzer.
- [502562] High CVE-2015-1295: Use-after-free in Printing. Credit
to anonymous.
- [421332] High CVE-2015-1296: Character spoofing in omnibox.
Credit to zcorpan.
- [510802] Medium CVE-2015-1297: Permission scoping error in
Webrequest. Credit to Alexander Kashev.
- [518827] Medium CVE-2015-1298: URL validation error in
extensions. Credit to Rob Wu.
- [416362] Medium CVE-2015-1299: Use-after-free in Blink. Credit
to taro.suzuki.dev.
- [511616] Medium CVE-2015-1300: Information leak in Blink. Credit
to cgvwzq.
- [526825] CVE-2015-1301: Various fixes from internal audits,
fuzzing and other initiatives.
Discovery 2015-09-01 Entry 2015-09-02 chromium
< 45.0.2454.85
chromium-npapi
< 45.0.2454.85
chromium-pulse
< 45.0.2454.85
CVE-2015-1291
CVE-2015-1292
CVE-2015-1293
CVE-2015-1294
CVE-2015-1295
CVE-2015-1296
CVE-2015-1297
CVE-2015-1298
CVE-2015-1299
CVE-2015-1300
CVE-2015-1301
http://googlechromereleases.blogspot.nl
|
a9d456b4-fe4c-11e4-ad15-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
37 security fixes in this release, including:
- [474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit
to anonymous.
- [464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit
to anonymous.
- [444927] High CVE-2015-1254: Cross-origin bypass in Editing.
Credit to armin@rawsec.net.
- [473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit
to Khalil Zhani.
- [478549] High CVE-2015-1256: Use-after-free in SVG. Credit to
Atte Kettunen of OUSPG.
- [481015] High CVE-2015-1251: Use-after-free in Speech. Credit
to SkyLined working with HP's Zero Day Initiative.
- [468519] Medium CVE-2015-1257: Container-overflow in SVG.
Credit to miaubiz.
- [450939] Medium CVE-2015-1258: Negative-size parameter in
libvpx. Credit to cloudfuzzer
- [468167] Medium CVE-2015-1259: Uninitialized value in PDFium.
Credit to Atte Kettunen of OUSPG
- [474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit
to Khalil Zhani.
- [466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho
Nurminen.
- [476647] Medium CVE-2015-1262: Uninitialized value in Blink.
Credit to miaubiz.
- [479162] Low CVE-2015-1263: Insecure download of spellcheck
dictionary. Credit to Mike Ruddy.
- [481015] Low CVE-2015-1264: Cross-site scripting in bookmarks.
Credit to K0r3Ph1L.
- [489518] CVE-2015-1265: Various fixes from internal audits,
fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3
branch (currently 4.3.61.21).
Discovery 2015-05-19 Entry 2015-05-19 chromium
< 43.0.2357.65
chromium-npapi
< 43.0.2357.65
chromium-pulse
< 43.0.2357.65
http://googlechromereleases.blogspot.nl/2015/05/stable-channel-update_19.html
CVE-2015-1251
CVE-2015-1252
CVE-2015-1253
CVE-2015-1254
CVE-2015-1255
CVE-2015-1256
CVE-2015-1257
CVE-2015-1258
CVE-2015-1259
CVE-2015-1260
CVE-2015-1261
CVE-2015-1262
CVE-2015-1263
CVE-2015-1264
CVE-2015-1265
|
ae9cb9b8-a203-11e6-a265-3065ec8fd3ec | chromium -- out-of-bounds memory access
Google Chrome Releases reports:
[659475] High CVE-2016-5198: Out of bounds memory access in V8.
Credit to Tencent Keen Security Lab, working with Trend Micro's
Zero Day Initiative.
Discovery 2016-11-01 Entry 2016-11-03 chromium
chromium-npapi
chromium-pulse
< 54.0.2840.90
CVE-2016-5198
https://googlechromereleases.blogspot.nl/2016/11/stable-channel-update-for-desktop.html
|
b57f690e-ecc9-11e4-876c-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
45 new security fixes, including:
- [456518] High CVE-2015-1235: Cross-origin-bypass in HTML
parser. Credit to anonymous.
- [313939] Medium CVE-2015-1236: Cross-origin-bypass in Blink.
Credit to Amitay Dobo.
- [461191] High CVE-2015-1237: Use-after-free in IPC. Credit to
Khalil Zhani.
- [445808] High CVE-2015-1238: Out-of-bounds write in Skia.
Credit to cloudfuzzer.
- [463599] Medium CVE-2015-1240: Out-of-bounds read in WebGL.
Credit to w3bd3vil.
- [418402] Medium CVE-2015-1241: Tap-Jacking. Credit to Phillip
Moon and Matt Weston of Sandfield Information Systems.
- [460917] High CVE-2015-1242: Type confusion in V8. Credit to
fcole@onshape.com.
- [455215] Medium CVE-2015-1244: HSTS bypass in WebSockets.
Credit to Mike Ruddy.
- [444957] Medium CVE-2015-1245: Use-after-free in PDFium. Credit
to Khalil Zhani.
- [437399] Medium CVE-2015-1246: Out-of-bounds read in Blink.
Credit to Atte Kettunen of OUSPG.
- [429838] Medium CVE-2015-1247: Scheme issues in OpenSearch.
Credit to Jann Horn.
- [380663] Medium CVE-2015-1248: SafeBrowsing bypass. Credit to
Vittorio Gambaletta (VittGam).
- [476786] CVE-2015-1249: Various fixes from internal audits,
fuzzing and other initiatives. Multiple vulnerabilities in V8
fixed at the tip of the 4.2 branch (currently 4.2.77.14).
Discovery 2015-04-14 Entry 2015-04-27 chromium
< 42.0.2311.90
chromium-npapi
< 42.0.2311.90
chromium-pulse
< 42.0.2311.90
http://googlechromereleases.blogspot.nl/2015/04/stable-channel-update_14.html
CVE-2015-1235
CVE-2015-1236
CVE-2015-1237
CVE-2015-1238
CVE-2015-1240
CVE-2015-1241
CVE-2015-1242
CVE-2015-1244
CVE-2015-1245
CVE-2015-1246
CVE-2015-1247
CVE-2015-1248
CVE-2015-1249
|
bb7d4791-a5bf-11e5-a0e5-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
2 security fixes in this release, including:
- [569486] CVE-2015-6792: Fixes from internal audits and
fuzzing.
Discovery 2015-12-16 Entry 2015-12-18 chromium
chromium-npapi
chromium-pulse
< 47.0.2526.106
CVE-2015-6792
http://googlechromereleases.blogspot.nl/2015/12/stable-channel-update_15.html
|
c039a761-2c29-11e6-8912-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
15 security fixes in this release, including:
- 601073] High CVE-2016-1696: Cross-origin bypass in Extension
bindings. Credit to anonymous.
- [613266] High CVE-2016-1697: Cross-origin bypass in Blink.
Credit to Mariusz Mlynski.
- [603725] Medium CVE-2016-1698: Information leak in Extension
bindings. Credit to Rob Wu.
- [607939] Medium CVE-2016-1699: Parameter sanitization failure
in DevTools. Credit to Gregory Panakkal.
- [608104] Medium CVE-2016-1700: Use-after-free in Extensions.
Credit to Rob Wu.
- [608101] Medium CVE-2016-1701: Use-after-free in Autofill.
Credit to Rob Wu.
- [609260] Medium CVE-2016-1702: Out-of-bounds read in Skia.
Credit to cloudfuzzer.
- [616539] CVE-2016-1703: Various fixes from internal audits,
fuzzing and other initiatives.
Discovery 2016-06-01 Entry 2016-06-06 chromium
chromium-npapi
chromium-pulse
< 51.0.2704.79
CVE-2016-1695
CVE-2016-1696
CVE-2016-1697
CVE-2016-1698
CVE-2016-1699
CVE-2016-1700
CVE-2016-1701
CVE-2016-1702
CVE-2016-1703
http://googlechromereleases.blogspot.nl/2016/06/stable-channel-update.html
|
d2bbcc01-4ec3-11e4-ab3f-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
159 security fixes in this release, including 113 found using
MemorySanitizer:
- [416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla
for a combination of V8 and IPC bugs that can lead to remote code
execution outside of the sandbox.
- [398384] High CVE-2014-3189: Out-of-bounds read in PDFium.
Credit to cloudfuzzer.
- [400476] High CVE-2014-3190: Use-after-free in Events. Credit
to cloudfuzzer.
- [402407] High CVE-2014-3191: Use-after-free in Rendering.
Credit to cloudfuzzer.
- [403276] High CVE-2014-3192: Use-after-free in DOM. Credit to
cloudfuzzer.
- [399655] High CVE-2014-3193: Type confusion in Session Management.
Credit to miaubiz.
- [401115] High CVE-2014-3194: Use-after-free in Web Workers.
Credit to Collin Payne.
- [403409] Medium CVE-2014-3195: Information Leak in V8. Credit
to Jüri Aedla.
- [338538] Medium CVE-2014-3196: Permissions bypass in Windows
Sandbox. Credit to James Forshaw.
- [396544] Medium CVE-2014-3197: Information Leak in XSS Auditor.
Credit to Takeshi Terada.
- [415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium.
Credit to Atte Kettunen of OUSPG.
- [395411] Low CVE-2014-3199: Release Assert in V8 bindings.
Credit to Collin Payne.
- [420899] CVE-2014-3200: Various fixes from internal audits,
fuzzing and other initiatives (Chrome 38).
- Multiple vulnerabilities in V8 fixed at the tip of the 3.28
branch (currently 3.28.71.15).
Discovery 2014-10-07 Entry 2014-10-08 chromium
chromium-pulse
< 38.0.2125.101
CVE-2014-3188
CVE-2014-3189
CVE-2014-3190
CVE-2014-3191
CVE-2014-3192
CVE-2014-3193
CVE-2014-3194
CVE-2014-3195
CVE-2014-3196
CVE-2014-3197
CVE-2014-3198
CVE-2014-3199
CVE-2014-3200
http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html
|
d395e44f-6f4f-11e4-a444-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
42 security fixes in this release, including:
- [389734] High CVE-2014-7899: Address bar spoofing. Credit to
Eli Grey.
- [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit
to Atte Kettunen from OUSPG.
- [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit
to cloudfuzzer.
- [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit
to cloudfuzzer.
- [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit
to cloudfuzzer.
- [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to
Atte Kettunen from OUSPG.
- [421817] High CVE-2014-7905: Flaw allowing navigation to
intents that do not have the BROWSABLE category. Credit to
WangTao(neobyte) of Baidu X-Team.
- [423030] High CVE-2014-7906: Use-after-free in pepper plugins.
Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
- [423703] High CVE-2014-0574: Double-free in Flash. Credit to
biloulehibou.
- [424453] High CVE-2014-7907: Use-after-free in blink. Credit to
Chen Zhang (demi6od) of the NSFOCUS Security Team.
- [425980] High CVE-2014-7908: Integer overflow in media. Credit
to Christoph Diehl.
- [391001] Medium CVE-2014-7909: Uninitialized memory read in
Skia. Credit to miaubiz.
- CVE-2014-7910: Various fixes from internal audits, fuzzing and
other initiatives.
Discovery 2014-11-18 Entry 2014-11-18 chromium
< 39.0.2171.65
chromium-pulse
< 39.0.2171.65
CVE-2014-0574
CVE-2014-7899
CVE-2014-7900
CVE-2014-7901
CVE-2014-7902
CVE-2014-7903
CVE-2014-7904
CVE-2014-7905
CVE-2014-7906
CVE-2014-7907
CVE-2014-7908
CVE-2014-7909
CVE-2014-7910
http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html
|
d46ed7b8-1912-11e5-9fdf-00262d5ed8ee | www/chromium -- multiple vulnerabilities
Google Chrome Releases reports:
4 security fixes in this release:
- [464922] High CVE-2015-1266: Scheme validation error in WebUI.
Credit to anonymous.
- [494640] High CVE-2015-1268: Cross-origin bypass in Blink.
Credit to Mariusz Mlynski.
- [497507] Medium CVE-2015-1267: Cross-origin bypass in Blink.
Credit to anonymous.
- [461481] Medium CVE-2015-1269: Normalization error in HSTS/HPKP
preload list. Credit to Mike Ruddy.
Discovery 2015-06-22 Entry 2015-06-22 chromium
< 43.0.2357.130
chromium-npapi
< 43.0.2357.130
chromium-pulse
< 43.0.2357.130
CVE-2015-1266
CVE-2015-1267
CVE-2015-1268
CVE-2015-1269
http://googlechromereleases.blogspot.nl/2015/06/chrome-stable-update.html
|
d59ebed4-34be-11e6-be25-3065ec8fd3ec | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
3 security fixes in this release, including:
- [620742] CVE-2016-1704: Various fixes from internal audits,
fuzzing and other initiatives.
Discovery 2016-06-16 Entry 2016-06-17 chromium
chromium-npapi
chromium-pulse
< 51.0.2704.103
CVE-2016-1704
https://googlechromereleases.blogspot.nl/2016/06/stable-channel-update_16.html
|
e30e0c99-a1b7-11e4-b85c-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
62 security fixes in this release, including:
- [430353] High CVE-2014-7923: Memory corruption in ICU. Credit
to yangdingning.
- [435880] High CVE-2014-7924: Use-after-free in IndexedDB.
Credit to Collin Payne.
- [434136] High CVE-2014-7925: Use-after-free in WebAudio. Credit
to mark.buer.
- [422824] High CVE-2014-7926: Memory corruption in ICU. Credit
to yangdingning.
- [444695] High CVE-2014-7927: Memory corruption in V8. Credit to
Christian Holler.
- [435073] High CVE-2014-7928: Memory corruption in V8. Credit to
Christian Holler.
- [442806] High CVE-2014-7930: Use-after-free in DOM. Credit to
cloudfuzzer.
- [442710] High CVE-2014-7931: Memory corruption in V8. Credit to
cloudfuzzer.
- [443115] High CVE-2014-7929: Use-after-free in DOM. Credit to
cloudfuzzer.
- [429666] High CVE-2014-7932: Use-after-free in DOM. Credit to
Atte Kettunen of OUSPG.
- [427266] High CVE-2014-7933: Use-after-free in FFmpeg. Credit
to aohelin.
- [427249] High CVE-2014-7934: Use-after-free in DOM. Credit to
cloudfuzzer.
- [402957] High CVE-2014-7935: Use-after-free in Speech. Credit
to Khalil Zhani.
- [428561] High CVE-2014-7936: Use-after-free in Views. Credit
to Christoph Diehl.
- [419060] High CVE-2014-7937: Use-after-free in FFmpeg. Credit
to Atte Kettunen of OUSPG.
- [416323] High CVE-2014-7938: Memory corruption in Fonts. Credit
to Atte Kettunen of OUSPG.
- [399951] High CVE-2014-7939: Same-origin-bypass in V8. Credit
to Takeshi Terada.
- [433866] Medium CVE-2014-7940: Uninitialized-value in ICU.
Credit to miaubiz.
- [428557] Medium CVE-2014-7941: Out-of-bounds read in UI. Credit
to Atte Kettunen of OUSPG and Christoph Diehl.
- [426762] Medium CVE-2014-7942: Uninitialized-value in Fonts.
Credit to miaubiz.
- [422492] Medium CVE-2014-7943: Out-of-bounds read in Skia.
Credit to Atte Kettunen of OUSPG.
- [418881] Medium CVE-2014-7944: Out-of-bounds read in PDFium.
Credit to cloudfuzzer.
- [414310] Medium CVE-2014-7945: Out-of-bounds read in PDFium.
Credit to cloudfuzzer.
- [414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts.
Credit to miaubiz.
- [430566] Medium CVE-2014-7947: Out-of-bounds read in PDFium.
Credit to fuzztercluck.
- [414026] Medium CVE-2014-7948: Caching error in AppCache.
Credit to jiayaoqijia.
- [449894] CVE-2015-1205: Various fixes from internal audits,
fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 3.30
branch (currently 3.30.33.15).
Discovery 2015-01-21 Entry 2015-01-21 chromium
< 40.0.2214.91
chromium-pulse
< 40.0.2214.91
CVE-2014-7923
CVE-2014-7924
CVE-2014-7925
CVE-2014-7926
CVE-2014-7927
CVE-2014-7928
CVE-2014-7929
CVE-2014-7930
CVE-2014-7931
CVE-2014-7932
CVE-2014-7933
CVE-2014-7934
CVE-2014-7935
CVE-2014-7936
CVE-2014-7937
CVE-2014-7938
CVE-2014-7939
CVE-2014-7940
CVE-2014-7941
CVE-2014-7942
CVE-2014-7943
CVE-2014-7944
CVE-2014-7945
CVE-2014-7946
CVE-2014-7947
CVE-2014-7948
CVE-2015-1205
http://googlechromereleases.blogspot.nl
|
f0b9049f-88c4-11e5-aed7-00262d5ed8ee | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
[520422] High CVE-2015-1302: Information leak in PDF viewer.
Credit to Rob Wu.
Discovery 2015-11-10 Entry 2015-11-11 chromium
chromium-npapi
chromium-pulse
< 46.0.2490.86
CVE-2015-1302
http://googlechromereleases.blogspot.nl/2015/11/stable-channel-update.html
|
f53dd5cc-527f-11e7-a772-e8e0b747a45a | chromium -- multiple vulnerabilities
Google Chrome releases reports:
5 security fixes in this release, including:
- [725032] High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by
Ned Williamson on 2017-05-22
- [729991] High CVE-2017-5088: Out of bounds read in V8. Reported by
Xiling Gong of Tencent Security Platform Department on 2017-06-06
- [714196] Medium CVE-2017-5089: Domain spoofing in Omnibox. Reported by
Michal Bentkowski on 2017-04-21
- [732498] Various fixes from internal audits, fuzzing and other initiatives
Discovery 2017-06-15 Entry 2017-06-16 chromium
chromium-pulse
< 59.0.3071.104
CVE-2017-5087
CVE-2017-5088
CVE-2017-5089
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html
|
f85fa236-e2a6-412e-b5c7-c42120892de5 | chromium -- multiple vulnerabilities
Google Chrome Releases reports:
[560011] High CVE-2016-1630: Same-origin bypass in Blink.
[569496] High CVE-2016-1631: Same-origin bypass in Pepper Plugin.
[549986] High CVE-2016-1632: Bad cast in Extensions.
[572537] High CVE-2016-1633: Use-after-free in Blink.
[559292] High CVE-2016-1634: Use-after-free in Blink.
[585268] High CVE-2016-1635: Use-after-free in Blink.
[584155] High CVE-2016-1636: SRI Validation Bypass.
[555544] Medium CVE-2016-1637: Information Leak in Skia.
[585282] Medium CVE-2016-1638: WebAPI Bypass.
[572224] Medium CVE-2016-1639: Use-after-free in WebRTC.
[550047] Medium CVE-2016-1640: Origin confusion in Extensions UI.
[583718] Medium CVE-2016-1641: Use-after-free in Favicon.
[591402] CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives.
Multiple vulnerabilities in V8 fixed.
Discovery 2016-03-02 Entry 2016-03-05 chromium
chromium-npapi
chromium-pulse
< 49.0.2623.75
CVE-2016-1630
CVE-2016-1631
CVE-2016-1632
CVE-2016-1633
CVE-2016-1634
CVE-2016-1635
CVE-2016-1636
CVE-2016-1637
CVE-2016-1638
CVE-2016-1639
CVE-2016-1640
CVE-2016-1641
CVE-2016-1642
http://googlechromereleases.blogspot.de/2016/03/stable-channel-update.html
|