Multiple vulnerabilities in Google Chrome

Описание

Multiple critical vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions or inject arbitrary code.

Below is a complete list of vulnerabilities

1. Name conflict can be exploited remotely via a specially designed JavaScript;
2. An use-after-free vulnerability can be exploited remotely via incorrect operating with Web SQL Database, a specially designed GIF image, moving SCIPT element to different documents, vectors related to caching notifiers, vectors related to read-only fields or invalid input, vectors related to frame detachment;
3. Lack of parameters check can be exploited remotely via a specially designed VPx video;
4. Unknown vulnerability can be exploited remotely via vectors related to PDFium and Skia;
5. Improper URL restrictions can be exploited remotely via a specially designed extension;
6. Problems with memory initialization can be exploited remotely via a specially designed image;
7. Integer overflow can be exploited remotely via vectors related to memory allocation;
8. Integer overflow and out-of-bounds write operation can be exploited remotely via vectors related to Skia;
9. Improper compile listners can be exploited remotely via vectors related to Blink;
10. Lack of realyout operation enforcement and memory initialization can be exploited remotely via specially designed CSS;
11. Improper handling of 407 status can be exploited remotely via specially designed response.

Первичный источник обнаружения

• Google blog entry
  

Связанные продукты

• Google-Chrome

Список CVE

• CVE-2015-1223
  critical
• CVE-2015-1222
  critical
• CVE-2015-1218
  critical
• CVE-2015-1230
  critical
• CVE-2015-1227
  critical
• CVE-2015-1226
  critical
• CVE-2015-1225
  critical
• CVE-2015-1224
  critical
• CVE-2015-1221
  critical
• CVE-2015-1213
  critical
• CVE-2015-1212
  critical
• CVE-2015-1228
  critical
• CVE-2015-1229
  critical
• CVE-2015-1214
  critical
• CVE-2015-1220
  high
• CVE-2015-1219
  critical
• CVE-2015-1217
  critical
• CVE-2015-1215
  critical
• CVE-2015-1216
  critical

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com