Executive Summary
| Summary | |
|---|---|
| Title | chromium-browser security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-3267 | First vendor Publication | 2015-05-22 |
| Vendor | Debian | Last vendor Modification | 2015-05-22 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several vulnerabilities were discovered in the chromium web browser. CVE-2015-1251 SkyLined discovered a use-after-free issue in speech recognition. CVE-2015-1252 An out-of-bounds write issue was discovered that could be used to escape from the sandbox. CVE-2015-1253 A cross-origin bypass issue was discovered in the DOM parser. CVE-2015-1254 A cross-origin bypass issue was discovered in the DOM editing feature. CVE-2015-1255 Khalil Zhani discovered a use-after-free issue in WebAudio. CVE-2015-1256 Atte Kettunen discovered a use-after-free issue in the SVG implementation. CVE-2015-1257 miaubiz discovered an overflow issue in the SVG implementation. CVE-2015-1258 cloudfuzzer discovered an invalid size parameter used in the libvpx library. CVE-2015-1259 Atte Kettunen discovered an uninitialized memory issue in the pdfium library. CVE-2015-1260 Khalil Zhani discovered multiple use-after-free issues in chromium's interface to the WebRTC library. CVE-2015-1261 Juho Nurminen discovered a URL bar spoofing issue. CVE-2015-1262 miaubiz discovered the use of an uninitialized class member in font handling. CVE-2015-1263 Mike Ruddy discovered that downloading the spellcheck dictionary was not done over HTTPS. CVE-2015-1264 K0r3Ph1L discovered a cross-site scripting issue that could be triggered by bookmarking a site. CVE-2015-1265 The chrome 43 development team found and fixed various issues during internal auditing. Also multiple issues were fixed in the libv8 library, version 4.3.61.21. For the stable distribution (jessie), these problems have been fixed in version 43.0.2357.65-1~deb8u1. For the testing distribution (stretch), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 43.0.2357.65-1. We recommend that you upgrade your chromium-browser packages. |
Original Source
| Url : http://www.debian.org/security/2015/dsa-3267 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 30 % | CWE-17 | Code |
| 20 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 10 % | CWE-284 | Access Control (Authorization) Issues |
| 10 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 10 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 10 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 10 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2015-10-06 | Name : The remote Fedora host is missing a security update. File : fedora_2015-15935.nasl - Type : ACT_GATHER_INFO |
| 2015-09-25 | Name : The remote Fedora host is missing a security update. File : fedora_2015-15936.nasl - Type : ACT_GATHER_INFO |
| 2015-09-21 | Name : The remote Fedora host is missing a security update. File : fedora_2015-15934.nasl - Type : ACT_GATHER_INFO |
| 2015-07-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3315.nasl - Type : ACT_GATHER_INFO |
| 2015-06-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201506-04.nasl - Type : ACT_GATHER_INFO |
| 2015-06-01 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-390.nasl - Type : ACT_GATHER_INFO |
| 2015-05-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3267.nasl - Type : ACT_GATHER_INFO |
| 2015-05-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1023.nasl - Type : ACT_GATHER_INFO |
| 2015-05-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2610-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : google_chrome_43_0_2357_65.nasl - Type : ACT_GATHER_INFO |
| 2015-05-21 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_google_chrome_43_0_2357_65.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a9d456b4fe4c11e4ad1500262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2015-05-27 13:26:58 |
|
| 2015-05-22 09:29:24 |
|
