Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:google:chrome:37.0.2062.3:*:*:*:*:*:*:*
There are 1,612 matching records.
Displaying matches 1,421 through 1,440.
Vuln ID Summary CVSS Severity
CVE-2015-1302

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc.

Published: November 11, 2015; 6:59:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-7834

Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: October 15, 2015; 6:59:12 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6763

Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: October 15, 2015; 6:59:09 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6762

The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows remote web servers to bypass the Same Origin Policy via a redirect.

Published: October 15, 2015; 6:59:08 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6761

The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file.

Published: October 15, 2015; 6:59:06 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-6760

The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device.

Published: October 15, 2015; 6:59:05 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6759

The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL.

Published: October 15, 2015; 6:59:04 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-6758

The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

Published: October 15, 2015; 6:59:04 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-6757

Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback.

Published: October 15, 2015; 6:59:03 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6756

Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging mishandling of a focused annotation in a PDF document.

Published: October 15, 2015; 6:59:01 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-6755

The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

Published: October 15, 2015; 6:59:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1304

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.

Published: October 11, 2015; 9:59:17 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1303

bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.

Published: October 11, 2015; 9:59:15 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6583

Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc.

Published: September 03, 2015; 6:59:16 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-6582

The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted web site.

Published: September 03, 2015; 6:59:15 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-6581

Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering a memory-allocation failure.

Published: September 03, 2015; 6:59:14 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-6580

Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: September 03, 2015; 6:59:13 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1301

Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: September 03, 2015; 6:59:12 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1300

The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call.

Published: September 03, 2015; 6:59:11 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1299

Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp.

Published: September 03, 2015; 6:59:09 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH