Описание
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code.
Below is a complete list of vulnerabilities
- Integer overflow at WebCursor can be exploited remotely via a specially designed data to cause denial of service;
- Improper data handling at MIDI can be exploited remotely to cause denial of service or execute arbitrary code.
Technical details
Vulnerability (1) related to WebCursor::Deserialize function in content/common/cursors/webcursor.cc and can be triggered via RGBA pixel array with specially designed dimensions.
Vulnerability (2) related tosendung data handling at midi_manager.cc, midi_manager_alsa.cc and midi_manager_mac.cc
Первичный источник обнаружения
Связанные продукты
Список CVE
- CVE-2015-8664 critical
- CVE-2015-6792 critical
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!