Description
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code.
Below is a complete list of vulnerabilities
- Integer overflow at WebCursor can be exploited remotely via a specially designed data to cause denial of service;
- Improper data handling at MIDI can be exploited remotely to cause denial of service or execute arbitrary code.
Technical details
Vulnerability (1) related to WebCursor::Deserialize function in content/common/cursors/webcursor.cc and can be triggered via RGBA pixel array with specially designed dimensions.
Vulnerability (2) related tosendung data handling at midi_manager.cc, midi_manager_alsa.cc and midi_manager_mac.cc
Original advisories
Related products
CVE list
- CVE-2015-8664 critical
- CVE-2015-6792 critical
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!